[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[savannah-help-public] [sr #109093] Support and require cloning via http
From: |
anonymous |
Subject: |
[savannah-help-public] [sr #109093] Support and require cloning via https:// instead of git://, http://, svn://, or other insecure transport |
Date: |
Wed, 19 Oct 2016 06:24:41 +0000 (UTC) |
User-agent: |
Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0 |
Follow-up Comment #4, sr #109093 (project administration):
I might want to add that this is also criteria C6 of the GNU ethical
repository criteria.
https://www.gnu.org/software/repo-criteria.html
It appears that this issue was overlooked in the evaluation of Savannah (given
an A grade)
https://www.gnu.org/software/repo-criteria-evaluation.html
To reiterate, while releases can generally be downloaded over HTTPS and
verified by GNUGPG regardless, the same is not yet true for the developmental
sources. As it stands right now, anyone who wants to download the
developmental sources is vulnerable to spyware, backdoors, etc. being snuck in
while it is in transit by anyone between the person's computer and the GNU
servers (depending where one is in the world, that could go through the
borders of several countries, most of which have governments who would not be
above doing it, though probably only for targetted people).
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?109093>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [savannah-help-public] [sr #109093] Support and require cloning via https:// instead of git://, http://, svn://, or other insecure transport,
anonymous <=