From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: "Maciej W. Rozycki" <macro@imgtec.com>
Newsgroups: gmane.comp.lib.glibc.alpha
Subject: Re: [PATCH] Prefer https: for GNU and FSF URLs
Date: Thu, 5 Oct 2017 00:19:53 +0100
Message-ID: <alpine.DEB.2.00.1709291800030.12020@tp.orcam.me.uk>
References: <18cce39e-4a5a-27d8-a1ca-5ec45973088e@cs.ucla.edu> <alpine.DEB.2.00.1709291634040.12020@tp.orcam.me.uk> <20170929165905.GH19555@aiede.mtv.corp.google.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
X-Trace: blaine.gmane.org 1507159400 24685 195.159.176.226 (4 Oct 2017 23:23:20 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Wed, 4 Oct 2017 23:23:20 +0000 (UTC)
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
Cc: Paul Eggert <eggert@cs.ucla.edu>, GNU C Library
	<libc-alpha@sourceware.org>
To: Jonathan Nieder <jrnieder@gmail.com>
Original-X-From: libc-alpha-return-85392-glibc-alpha=m.gmane.org@sourceware.org Thu Oct 05 01:23:16 2017
Return-path: <libc-alpha-return-85392-glibc-alpha=m.gmane.org@sourceware.org>
Envelope-to: glibc-alpha@blaine.gmane.org
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:in-reply-to:message-id
	:references:mime-version:content-type; q=dns; s=default; b=X0XZa
	onx0uQdrrcNE1kDHDl5qsQc3AAaAS6X6bQwbnUReZnb2BFgt02wgTtHEa2+3uz2Q
	bUBR8fPXK7uwEC74tQtkqAKqHjkPGqLh9tMHT+Tm8lgkxVh1jwsj00RTOHNLndLK
	wCJD92jkIKkWdg3wKd6hQg0ZPzPBi9kK8HOh/c=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:in-reply-to:message-id
	:references:mime-version:content-type; s=default; bh=1mmkmJCe5MF
	oeXXgHxTKP7DJ9Ow=; b=CTcspxUHyb09PBfPcEapOo/87vLcil5Z26UAKZEeEQv
	bk3I5Q4s15Lv/PLbMLHE5tPzBtfDbC7l0Rr5OYYtYoBtHUu0FTPmkwP/WbvYi7Rz
	nzM2hgLTvm4y1+6xd2Xcmf1bbxwobq8QMX+OmVkgR+AGsUgMlCLG/lxqPMXHnSZM
	=
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-glibc-alpha=m.gmane.org@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Original-Sender: libc-alpha-owner@sourceware.org
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-HELO: mailapp01.imgtec.com
In-Reply-To: <20170929165905.GH19555@aiede.mtv.corp.google.com>
Xref: news.gmane.org gmane.comp.lib.glibc.alpha:77749
Archived-At: <http://permalink.gmane.org/gmane.comp.lib.glibc.alpha/77749>
Received: from server1.sourceware.org ([209.132.180.131] helo=sourceware.org)
 by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from
 <libc-alpha-return-85392-glibc-alpha=m.gmane.org@sourceware.org>) id
 1dzt0U-0005k5-10 for glibc-alpha@blaine.gmane.org; Thu, 05 Oct 2017 01:23:14
 +0200
Received: (qmail 45605 invoked by alias); 4 Oct 2017 23:23:18 -0000
Received: (qmail 45257 invoked by uid 89); 4 Oct 2017 23:23:18 -0000

Hi Jonathan,

> > What's wrong with FTP, especially as given what you have stated it seems
> > useful for people beyond myself, and not merely (as it is in my case) for
> > convenience reasons?
> 
> FTP is vulnerable to mitm in the same way as HTTP is.

 Hmm, weren't the GPG signatures meant to address it?  Though indeed the 
keys I've seen used weren't particularly trustable, with very few if any 
signatures attached, so that could be considered a failed attempt.  OTOH
with HTTPS we need to trust the CA, which might be the single weak point.

  Maciej