freebsd security - Dec 2017 - http subversion URLs should be discontinued in favor of https URLs

On 10 December 2017 at 19:23, Yuri <yuri at rawbw.com> wrote:
> On 12/10/17 10:15, Igor Mozolevsky wrote:
>
>> They are not "hypothetical characters," they are invented
characters that
>> are used in a threat model. But that's reframing the problem- a
>> hypothetical threat model is very different to a real threat model.
>>
>
>
> This is a very real threat model. There are a lot of malicious Tor exit
> node operators, and a lot of FreeBSD users update their system over
> subversion. The only thing that the Tor node operator needs to do is to
> detect relevant requests and serve malware.
>
> How is this not real?


It seems the problem is *not* FreeBSD but Tor in your case!


-- 
Igor M.

On 12/10/17 11:24, Igor Mozolevsky wrote:
> It seems the problem is*not*  FreeBSD but Tor in your case!

This is the problem of the weakest link in the system which is FreeBSD.


Yuri