Igor Mozolevsky
2017-Dec-10 19:36 UTC
http subversion URLs should be discontinued in favor of https URLs
On 10 December 2017 at 19:31, Yuri <yuri at rawbw.com> wrote:> On 12/10/17 11:24, Igor Mozolevsky wrote: > > It seems the problem is **not** FreeBSD but Tor in your case! > > > This is the problem of the weakest link in the system which is FreeBSD. >If I give my bank card and PIN to someone who I don't trust, I can't complain that my bank doesn't take adequate precautions if that person drains my bank account! You choose to go down a route that *you* know is compromised! -- Igor M.
Yuri
2017-Dec-10 19:47 UTC
http subversion URLs should be discontinued in favor of https URLs
On 12/10/17 11:36, Igor Mozolevsky wrote:> If I give my bank card and PIN to someone who I don't trust, I can't > complain that my bank doesn't take adequate precautions if that person > drains my bank account! You choose to go down a route that*you* know is > compromised!1. The user has set up the subversion source trees based on the *current advice* here for anonymous checkout: https://wiki.freebsd.org/PortsSubversionPrimer> % svn co http://svn.freebsd.org/ports/head /usr/ports2. The user heard that Tor improves his anonymity, and decided to use it. 3. The user updated the sources through Tor and got hacked. Where did this user go wrong, or where has he been irresponsible? The fact that this page https://wiki.freebsd.org/PortsSubversionPrimer still recommends http is appalling! Yuri