On 5 December 2017 at 23:18, RW via freebsd-security < freebsd-security@freebsd.org> wrote:
> On Tue, 5 Dec 2017 14:08:49 -0800 > Gordon Tetlow wrote: > > > > Using this as a reason to not move to HTTPS is a fallacy. We should do > > everything we can to help our end-users get FreeBSD in the most secure > > way. > > I think it's more a question of whether all users should be forced onto > https even if it might prevent some users from getting security updates. If updates are signed, then I don't see what can be gained by using relatively expensive HTTPS over HTTP. People screaming for HTTPS without justifying a specific threat model (cf. a generic "MITM"-bogeyman), don't understand HTTPS nor general security (to paraphrase the famous phrase). -- Igor M. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"