Follow-up Comment #4, sr #109093 (project administration):

I might want to add that this is also criteria C6 of the GNU ethical
repository criteria.

It appears that this issue was overlooked in the evaluation of Savannah (given
an A grade)

To reiterate, while releases can generally be downloaded over HTTPS and
verified by GNUGPG regardless, the same is not yet true for the developmental
sources. As it stands right now, anyone who wants to download the
developmental sources is vulnerable to spyware, backdoors, etc. being snuck in
while it is in transit by anyone between the person's computer and the GNU
servers (depending where one is in the world, that could go through the
borders of several countries, most of which have governments who would not be
above doing it, though probably only for targetted people).


Reply to this item at:


  Message sent via/by Savannah

Reply via email to