freebsd security - Dec 2017 - http subversion URLs should be discontinued in favor of https URLs

The pull request was rejected for a valid reason, offering http allows
users with limited network access chance to clone or download freebsd where
https is not possible. We all have differences of option on the matter and
having a flame war on a mailing list just gives the project a bad
reputation.


Regards,
--
Luke Crooks
Solent Wholesale Carpets
www.solentwholesale.com

On Fri, Dec 8, 2017 at 8:25 AM, TJ Varghese <tj at tjvarghese.com> wrote:
> On 12/07/2017 10:50 PM, Poul-Henning Kamp wrote:
>
>>
>> You can't have the latter without the former.  Assertion of
identity is
>>> the only protection against MITM eavesdropping or tampering.
>>>
>> Or more generally:
>>
>> If you dont/cant trust the other end, why would you trust them to
>> keep the communication secret ?
>>
>>
> I'm curious as to your take on electronic banking. Should they all
merely
> use HTTP since HTTPS is hopelessly compromised by design? If your objection
> is that HTTPS bring nothing to the security table, then it really
doesn't
> make a difference where it's used and we should all just stop using it,
no?
>
>
>
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org
> "
>

On 2017-12-08, Luke Crooks <luke at solentwholesale.com> wrote:
> The pull request was rejected for a valid reason, offering http allows
> users with limited network access chance to clone or download freebsd where
> https is not possible.
Do users actually exist who have access to http but not to https?
Or is this a myth?  And how do these users access popular sites
like Wikipedia, or www.FreeBSD.org for that matter?

This is also of interest for the choice of master sites in ports.

-- 
Christian "naddy" Weisgerber                          naddy at
mips.inka.de