bug-standards
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FTP,HTTP → HTTPS in GNU Standards


From: Paul Eggert
Subject: FTP,HTTP → HTTPS in GNU Standards
Date: Sat, 16 Sep 2017 16:15:34 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

In Gnulib, Emacs, etc. we are changing URLs to use https: instead of ftp: and http:, to discourage man-in-the-middle attacks when downloading software. The attached patch propagates these changes upstream to the GNU Coding Standards.

Although the GNU Coding Standards are not secret, plain HTTP is vulnerable to malicious routers that tamper with responses from GNU servers, and this sort of thing is all too common when people in some other countries browse US-based websites. See, for example:

Aceto G, Botta A, Pescapé A, Awan MF, Ahmad T, Qaisar S. Analyzing internet censorship in Pakistan. RTSI 2016. https://dx.doi.org/10.1109/RTSI.2016.7740626

HTTPS is not a complete solution here, but it can be a significant help.

Attachment: gnustandards-https.diff
Description: Text Data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]