Igor Mozolevsky
2017-Dec-10 19:17 UTC
http subversion URLs should be discontinued in favor of https URLs
On 10 December 2017 at 19:02, John-Mark Gurney <jmg at funkthat.com> wrote:

> Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 17:39 +0000:
> > On 10 December 2017 at 17:32, John-Mark Gurney <jmg at funkthat.com> wrote:
> >
> > <snip>
> >
> > > The discussion has been for svn updates over http, not for freebsd-update
> > > updates which are independently signed and verified. There are currently
> > > no signatures provided via SVN to validate any source received via http.
> >
> > There has been no instance of in-transit compromise reported since SVN was
> > introduced.
>
> So, you require an exploit in the wild before you'll patch?

No, I'm saying it's not a realistic threat model! If the threat is the integrity of the source code in transit, then it'd be way cheaper and way more reasonable to implement a Merkle Tree-like verification with each revision.

--
Igor M.
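One way the "Merkle Tree-like verification with each revision" suggested above could work, as an added example that is not part of the original post and is not FreeBSD or Subversion code. The function names, the hash layout, and the existence of a per-revision root that reaches the client over an authenticated channel are all assumptions.

```python
import hashlib
import hmac

def _h(tag: bytes, data: bytes) -> bytes:
    # Distinct tags keep leaf, interior and revision hashes in separate domains.
    return hashlib.sha256(tag + data).digest()

def leaf_hash(path: str, content: bytes) -> bytes:
    # Bind the path (length-prefixed) to the content so renames are detected.
    p = path.encode("utf-8")
    return _h(b"\x00", len(p).to_bytes(4, "big") + p + content)

def merkle_root(files: dict) -> bytes:
    """Merkle root over one revision's files, leaves ordered by path."""
    level = [leaf_hash(p, files[p]) for p in sorted(files)]
    if not level:
        return _h(b"\x03", b"")  # fixed root for an empty tree
    while len(level) > 1:
        nxt = [_h(b"\x01", level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged
        level = nxt
    return level[0]

def revision_root(rev: int, prev_root: bytes, files: dict) -> bytes:
    """Chain this revision's tree root to the previous revision's root."""
    return _h(b"\x02", rev.to_bytes(8, "big") + prev_root + merkle_root(files))

def verify_checkout(rev, prev_root, files, trusted_root) -> bool:
    # Assumption: trusted_root arrives authenticated (e.g. signed), not over plain http.
    return hmac.compare_digest(revision_root(rev, prev_root, files), trusted_root)

# Constructed sample data, not real FreeBSD sources or revision numbers.
GENESIS = b"\x00" * 32
REV1 = {"Makefile": b"all:\n", "src/main.c": b"int main(void){return 0;}\n",
        "src/util.c": b"/* util */\n"}
ROOT1 = revision_root(1, GENESIS, REV1)

if __name__ == "__main__":
    tampered = dict(REV1, **{"src/main.c": b"int main(void){return 1;}\n"})
    print("clean   :", verify_checkout(1, GENESIS, REV1, ROOT1))
    print("tampered:", verify_checkout(1, GENESIS, tampered, ROOT1))
```

The check only moves the trust problem to the root value: a root fetched over the same unauthenticated http connection can be rewritten along with the files.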
John-Mark Gurney
2017-Dec-10 19:42 UTC
http subversion URLs should be discontinued in favor of https URLs
Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 19:17 +0000:

> On 10 December 2017 at 19:02, John-Mark Gurney <jmg at funkthat.com> wrote:
>
> > Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 17:39 +0000:
> > > On 10 December 2017 at 17:32, John-Mark Gurney <jmg at funkthat.com> wrote:
> > >
> > > <snip>
> > >
> > > > The discussion has been for svn updates over http, not for freebsd-update
> > > > updates which are independently signed and verified. There are currently
> > > > no signatures provided via SVN to validate any source received via http.
> > >
> > > There has been no instance of in-transit compromise reported since SVN was
> > > introduced.
> >
> > So, you require an exploit in the wild before you'll patch?
>
> No, I'm saying it's not a realistic threat model! If the threat is the
> integrity of the source code in transit, then it'd be way cheaper and way
> more reasonable to implement a Merkle Tree-like verification with each
> revision.

Then you should be fine w/ http for banking sites, since it's not realistic that your ISP will MITM your connection to steal money from you, right? I don't know of a single instance of an ISP MITM'ing banking transactions to steal money.

--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."