From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Jonathan Nieder <jrnieder@gmail.com>
Newsgroups: gmane.comp.lib.glibc.alpha
Subject: Re: [PATCH] Prefer https: for GNU and FSF URLs
Date: Fri, 29 Sep 2017 09:59:05 -0700
Message-ID: <20170929165905.GH19555@aiede.mtv.corp.google.com>
References: <18cce39e-4a5a-27d8-a1ca-5ec45973088e@cs.ucla.edu>
 <alpine.DEB.2.00.1709291634040.12020@tp.orcam.me.uk>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: blaine.gmane.org 1506704357 23614 195.159.176.226 (29 Sep 2017 16:59:17 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Fri, 29 Sep 2017 16:59:17 +0000 (UTC)
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: Paul Eggert <eggert@cs.ucla.edu>,
	GNU C Library <libc-alpha@sourceware.org>
To: "Maciej W. Rozycki" <macro@imgtec.com>
Original-X-From: libc-alpha-return-85126-glibc-alpha=m.gmane.org@sourceware.org Fri Sep 29 18:59:13 2017
Return-path: <libc-alpha-return-85126-glibc-alpha=m.gmane.org@sourceware.org>
Envelope-to: glibc-alpha@blaine.gmane.org
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:references
	:mime-version:content-type:in-reply-to; q=dns; s=default; b=f8V1
	EVwp6c4wxEXDdMOrjMxLcQ7wFLnRObkwuFajAEnCmnkT1TaB3YkOaafOeiktpgaB
	YhkptTFJhmzhZqLAwzuErrUYEiHQsn0mIPNbCskCymBmtU55x6LNUT3rPn3LUI20
	U2zgEYZW6BEAaCixJdUB5bcy1YgE0iHuSFypS2Q=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:references
	:mime-version:content-type:in-reply-to; s=default; bh=yAqOGPO3Z8
	xiRWD4OjeTgiMr/bI=; b=uFo0xFA59yY6wTJoazeN2L/OrLyKsJQyi59iRlOvx6
	LslW1hXEuqDc17eFpCkPxfdKMybw4MWSJinaoMO9TZyRC0Lq/bUl4kg/iXB+akNp
	/wqDFTrmd2y6rbYbV+OpXJps53ZJmi1kHW1hu0GnW2izltpGInkxiT+/kF5SwCJf
	w=
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-glibc-alpha=m.gmane.org@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Original-Sender: libc-alpha-owner@sourceware.org
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-HELO: mail-pg0-f47.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=+XNM8VXh2bxxX8x/Jij649HGTCTTjgVyXXWcN1tE6JY=;
        b=sPWSVV+2OgI4GFrADWPL2G/3ZszdLR7c0nBvcjAAbWiheYg//TCG0NgB8AC4OvZAW3
         SmsX39hh6fNcMpAncACS0mzJsstBxX2n9oBnvA30d5W7FLDZZLeMct7OSdAo+s4qSGsX
         KdWQq6TY9jeAZsXIOZWQW55ntNP2xCM5CBb3q32RqEWbWHoI8wLs9Y0jo5e7/JctZ2qY
         mJ54XXmaRfzpDud//whaeYlmXGLg1k0Bn8SF+i/Li9V/j7hFlCQMFkQtFq8zvNnatTXm
         icyQgS0sxIEqGP2vvxBOth3dEiGdrMAnwv/SE0es7Cn9c8WCt957J3ZGXtSafIfhru2X
         Vjew==
X-Gm-Message-State: AHPjjUhlRsRKnKWifZlTbTMZhsjyQQlx2/480lH4Z6kir+Z1wT9SuJh4
	q6MShSlc5kTpqpDhnRO6af4=
X-Google-Smtp-Source: AOwi7QCm89+wgCO/eyg8WRyHu9Apige1zZAqkiBFXnRgSgbBYA06RIgsZqX2NSyK279givpKSdVlUQ==
X-Received: by 10.98.67.209 with SMTP id l78mr8516032pfi.3.1506704347890;
        Fri, 29 Sep 2017 09:59:07 -0700 (PDT)
Content-Disposition: inline
In-Reply-To: <alpine.DEB.2.00.1709291634040.12020@tp.orcam.me.uk>
Xref: news.gmane.org gmane.comp.lib.glibc.alpha:77483
Archived-At: <http://permalink.gmane.org/gmane.comp.lib.glibc.alpha/77483>
Received: from server1.sourceware.org ([209.132.180.131] helo=sourceware.org)
 by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from
 <libc-alpha-return-85126-glibc-alpha=m.gmane.org@sourceware.org>) id
 1dxyd3-0005RG-8I for glibc-alpha@blaine.gmane.org; Fri, 29 Sep 2017 18:59:09
 +0200
Received: (qmail 70038 invoked by alias); 29 Sep 2017 16:59:11 -0000
Received: (qmail 70026 invoked by uid 89); 29 Sep 2017 16:59:10 -0000

Hi,

Maciej W. Rozycki wrote:
> Hi Paul,

>> The attached patches adjust glibc to prefer https: in URLs for gnu.org and
>> fsf.org. FTP is being decommissioned soon for gnu.org, and although the GNU
>> project files are not secret, plain HTTP is vulnerable to malicious routers
>> that intercept responses from GNU servers, and this sort of thing is all too
>> common when people in some other countries browse US-based websites.
>
> What's wrong with FTP, especially as given what you have stated it seems
> useful for people beyond myself, and not merely (as it is in my case) for
> convenience reasons?

FTP is vulnerable to mitm in the same way as HTTP is.

Thanks and hope that helps,
Jonathan