Igor Mozolevsky
2017-Dec-10 17:39 UTC
http subversion URLs should be discontinued in favor of https URLs
On 10 December 2017 at 17:32, John-Mark Gurney <jmg at funkthat.com> wrote: <snip>> > The discussion has been for svn updates over http, not for freebsd-update > updates which are independantly signed and verified.. There is currently > no signatures provided via SVN to validate any source received via http. > >There has been no instance of in-transit compromise reported since SVN was introduced. Even when the back-end was compromised, there was not detectable compromise of the codebase [1]. So even if the codebase was compromised, unless people *really knew* what they were doing, HTTPS would seed a false sense of security. There is a number of organisation that your computer is told to trust by default who have the know-how and capability to mount MITM without one even knowing unless that one were to manually verify CAs used for host certs, again, HTTPS doesn't buy anything in that regards. 1. https://www.freebsd.org/news/2012-compromise.html -- Igor M.
Yuri
2017-Dec-10 17:46 UTC
http subversion URLs should be discontinued in favor of https URLs
On 12/10/17 09:39, Igor Mozolevsky wrote:> There has been no instance of in-transit compromise reported since SVN was > introduced. > > Even when the back-end was compromised, there was not detectable compromise > of the codebase [1]. So even if the codebase was compromised, unless people > *really knew* what they were doing, HTTPS would seed a false sense of > security.This is another incarnation of the bogus argument: https also has some vulnerabilities, so let's just stay with a completely insecure http until some ideal solution will be found in the future. Yuri
Yuri
2017-Dec-10 17:48 UTC
http subversion URLs should be discontinued in favor of https URLs
On 12/10/17 09:39, Igor Mozolevsky wrote:> There has been no instance of in-transit compromise reported since SVN was > introduced. > > Even when the back-end was compromised, there was not detectable compromise > of the codebase [1]. So even if the codebase was compromised, unless people > *really knew* what they were doing, HTTPS would seed a false sense of > security.This is another incarnation of the bogus argument: https also has some vulnerabilities, so let's just stay with a completely insecure http until some ideal solution will be found in the future. Yuri
John-Mark Gurney
2017-Dec-10 19:02 UTC
http subversion URLs should be discontinued in favor of https URLs
Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 17:39 +0000:> On 10 December 2017 at 17:32, John-Mark Gurney <jmg at funkthat.com> wrote: > > <snip> > > > The discussion has been for svn updates over http, not for freebsd-update > > updates which are independantly signed and verified.. There is currently > > no signatures provided via SVN to validate any source received via http. > > There has been no instance of in-transit compromise reported since SVN was > introduced.So, you require an exploit in the wild before you'll patch? -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."