[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#29046: [PATCH] gnu: linux-libre: Change URL to HTTPS.
|
From: |
Leo Famulari |
|
Subject: |
bug#29046: [PATCH] gnu: linux-libre: Change URL to HTTPS. |
|
Date: |
Sun, 12 Nov 2017 15:48:04 -0500 |
|
User-agent: |
Mutt/1.9.1 (2017-09-22) |
On Tue, Nov 07, 2017 at 02:05:24PM -0500, Mark H Weaver wrote:
> Is an active attack needed to determine which file we are downloading
> from linux-libre.fsfla.org? I think not. The IP address of that host
> reverse resolves to "linux-libre.fsfla.org", which makes it obvious.
> The title of the paper Ludovic cited above makes the point:
I should clarify that by "active attacker" I mean someone who is doing
anything beyond simply recording the traffic. So, if they are making
lists of file sizes of different kernel tarballs, or keeping a database
of which sites you visited, keyed by your IP / identity, that's
"active".
> Anyway, having said this, if using HTTPS for linux-libre downloads makes
> you sleep better at night, I'm okay with it.
It doesn't affect my rest, but I assume you are speaking metaphorically.
So, I pushed the change as 8420c7a3565b6a984cdd95336f66d555edc87d90.
Thanks Rutger!
signature.asc
Description: PGP signature