Hi, is there any particular reason for not having the gnutls.org available over HTTPS?
I can imagine that a certificate has little meaning when one is downloading GnuTLS because the only reasonable approach is to verify the GPG signature on the source code. But what if I just want to have a quick look at the template file[1] for which it seems quite important not to serve it via a connection someone can hijack? There is also a possibility of embedding malicious content (e.g. JavaScript code) via a MitM attack and targeting some of gnutls.org visitors. [1] http://www.gnutls.org/manual/gnutls.html#Certtool_0027s-template-file-format -- Marcin Szewczyk http://wodny.org _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
