In Gnulib, Emacs, etc. we are changing ftp: and http: URLs to use https:, to
discourage man-in-the-middle attacks when downloading software. The attached
patch propagates these changes upstream to texinfo.tex. This patch doesn't
affect the the other files in the texinfo source, though they should be updated
too at some point.
Although texinfo.tex is not secret, plain HTTP is vulnerable to malicious
routers that tamper with responses from GNU servers, and this sort of thing is
all too common when people in some other countries browse US-based websites.
See, for example:
Aceto G, Botta A, Pescapé A, Awan MF, Ahmad T, Qaisar S. Analyzing internet
censorship in Pakistan. RTSI 2016. https://dx.doi.org/10.1109/RTSI.2016.7740626
HTTPS is not a complete solution here, but it can be a significant help. The GNU
project regularly serves up code to users, so we should take some care here.
Index: doc/texinfo.tex
===================================================================
--- doc/texinfo.tex (revision 7950)
+++ doc/texinfo.tex (working copy)
@@ -3,7 +3,7 @@
% Load plain if necessary, i.e., if running under initex.
\expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi
%
-\def\texinfoversion{2017-08-23.19}
+\def\texinfoversion{2017-09-16.10}
%
% Copyright 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995,
% 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
@@ -21,7 +21,7 @@
% General Public License for more details.
%
% You should have received a copy of the GNU General Public License
-% along with this program. If not, see <http://www.gnu.org/licenses/>.
+% along with this program. If not, see <https://www.gnu.org/licenses/>.
%
% As a special exception, when this file is read by TeX when processing
% a Texinfo source document, you may use the result without
@@ -30,9 +30,9 @@
%
% Please try the latest version of texinfo.tex before submitting bug
% reports; you can get the latest version from:
-% http://ftp.gnu.org/gnu/texinfo/ (the Texinfo release area), or
-% http://ftpmirror.gnu.org/texinfo/ (same, via a mirror), or
-% http://www.gnu.org/software/texinfo/ (the Texinfo home page)
+% https://ftp.gnu.org/gnu/texinfo/ (the Texinfo release area), or
+% https://ftpmirror.gnu.org/texinfo/ (same, via a mirror), or
+% https://www.gnu.org/software/texinfo/ (the Texinfo home page)
% The texinfo.tex in any given distribution could well be out
% of date, so if that's what you're using, please check.
%
@@ -56,7 +56,7 @@
% extent. You can get the existing language-specific files from the
% full Texinfo distribution.
%
-% The GNU Texinfo home page is http://www.gnu.org/software/texinfo.
+% The GNU Texinfo home page is https://www.gnu.org/software/texinfo.
\message{Loading texinfo [version \texinfoversion]:}
@@ -9446,7 +9446,7 @@
\newif\ifwarnednoepsf
\newhelp\noepsfhelp{epsf.tex must be installed for images to
work. It is also included in the Texinfo distribution, or you can get
- it from ftp://tug.org/tex/epsf.tex.}
+ it from https://ctan.org/texarchive/macros/texinfo/texinfo/doc/epsf.tex.}
%
\def\image#1{%
\ifx\epsfbox\thisisundefined
