[debbugs-tracker] bug#29046: closed ([PATCH] gnu: linux-libre: Update to

emacs-bug-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#29046: closed ([PATCH] gnu: linux-libre: Update to

From:	GNU bug Tracking System
Subject:	[debbugs-tracker] bug#29046: closed ([PATCH] gnu: linux-libre: Update to 4.13.10 and change URL to HTTPS.)
Date:	Sun, 12 Nov 2017 20:49:02 +0000

Your message dated Sun, 12 Nov 2017 15:48:04 -0500
with message-id <address@hidden>
and subject line Re: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS.
has caused the debbugs.gnu.org bug report #29046,
regarding [PATCH] gnu: linux-libre: Update to 4.13.10 and change URL to HTTPS.
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
29046: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=29046
GNU Bug Tracking System
Contact address@hidden with problems

--- Begin Message --- Subject: [PATCH] gnu: linux-libre: Update to 4.13.10 and change URL to HTTPS. Date: Sat, 28 Oct 2017 23:15:16 +0200

Hey Guix,

here's a patch to update linux-libre and change the URL to HTTPS.

0001-gnu-linux-libre-Update-to-4.13.10-and-change-URL-to-.patch
Description: Text Data

--- End Message ---

--- Begin Message --- Subject: Re: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS. Date: Sun, 12 Nov 2017 15:48:04 -0500 User-agent: Mutt/1.9.1 (2017-09-22)

On Tue, Nov 07, 2017 at 02:05:24PM -0500, Mark H Weaver wrote:
> Is an active attack needed to determine which file we are downloading
> from linux-libre.fsfla.org?  I think not.  The IP address of that host
> reverse resolves to "linux-libre.fsfla.org", which makes it obvious.
> The title of the paper Ludovic cited above makes the point:

I should clarify that by "active attacker" I mean someone who is doing
anything beyond simply recording the traffic. So, if they are making
lists of file sizes of different kernel tarballs, or keeping a database
of which sites you visited, keyed by your IP / identity, that's
"active".

> Anyway, having said this, if using HTTPS for linux-libre downloads makes
> you sleep better at night, I'm okay with it.

It doesn't affect my rest, but I assume you are speaking metaphorically.
So, I pushed the change as 8420c7a3565b6a984cdd95336f66d555edc87d90.

Thanks Rutger!

signature.asc
Description: PGP signature

--- End Message ---

[Prev in Thread]

Current Thread

[Next in Thread]

[debbugs-tracker] bug#29046: closed ([PATCH] gnu: linux-libre: Update to 4.13.10 and change URL to HTTPS.), GNU bug Tracking System <=

Prev by Date: [debbugs-tracker] bug#24993: closed (System installer grows brittle as substitutes for the release disappear)
Next by Date: [debbugs-tracker] bug#28977: closed ([PATCH] gnu: tzdata: Update to 2017c.)
Previous by thread: [debbugs-tracker] bug#24993: closed (System installer grows brittle as substitutes for the release disappear)
Next by thread: [debbugs-tracker] bug#28977: closed ([PATCH] gnu: tzdata: Update to 2017c.)
Index(es):
- Date
- Thread