Re: [PATCH] Update users.txt to HTTPS

2017-02-16 Thread Tim Ruehsen 
On Thursday, February 16, 2017 1:46:56 PM CET Bruno Haible wrote:
> Tim Ruehsen wrote:
> > I updated the links in users.txt to HTTPS where possible (manually
> > checked). For outdated links I tried to find the current valid links.
> 
> Thanks a lot! I've applied it in your name. The rationale, for me, is that
> http and ftp are vulnerable to man-in-the-middle attacks [1].
> 
> Bruno
> 
> [1] https://lists.gnu.org/archive/html/bug-gnulib/2017-01/msg00102.html

Thanks, and yes, MITM active and passive (reading content) attacks are my 
rationale as well.

It is pretty bad, that many announcements[1] still point to our ftp and http 
sites. How many downloaders check the signatures manually ? 1% ?

Am I the only maintainer using HTTPS (for wget announcements) ?
I already thought about dropping the reference to http://ftpmirror.gnu.org/.
There is no HTTPS pendant.

[1] http://lists.gnu.org/archive/html/info-gnu/2017-02/index.html

Regards, Tim


signature.asc
Description: This is a digitally signed message part.

Re: [PATCH] Update users.txt to HTTPS

2017-02-16 Thread Bruno Haible 
Tim Ruehsen wrote:
> I updated the links in users.txt to HTTPS where possible (manually checked).
> For outdated links I tried to find the current valid links.

Thanks a lot! I've applied it in your name. The rationale, for me, is that
http and ftp are vulnerable to man-in-the-middle attacks [1].

Bruno

[1] https://lists.gnu.org/archive/html/bug-gnulib/2017-01/msg00102.html

[PATCH] Update users.txt to HTTPS

2017-02-16 Thread Tim Ruehsen 
Hi,

I updated the links in users.txt to HTTPS where possible (manually checked).
For outdated links I tried to find the current valid links.

newts: Could find anything, thus you see a ? prepended

Regards, Tim
From 7217b31896ff0933b3a02de5d43a1d0c204a24d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.rueh...@gmx.de>
Date: Thu, 16 Feb 2017 11:12:57 +0100
Subject: [PATCH] users.txt: Update links, use HTTPS where possible

* users.txt: Updated to HTTPS where possible,
  fixed some links to new locations.
---
 users.txt | 161 +++---
 1 file changed, 81 insertions(+), 80 deletions(-)

diff --git a/users.txt b/users.txt
index 92d0dfedc..d638a335a 100644
--- a/users.txt
+++ b/users.txt
@@ -1,111 +1,112 @@
 The following packages appear to be using gnulib and gnulib-tool:
 
-  accthttp://svn.sv.gnu.org/viewvc/trunk/?root=acct
-  anubis  http://git.sv.gnu.org/gitweb/?p=anubis.git
+  accthttps://svn.sv.gnu.org/viewvc/trunk/?root=acct
+  anubis  https://git.sv.gnu.org/gitweb/?p=anubis.git
   augeas  http://augeas.net/
-  autobuild   http://josefsson.org/autobuild/
-  barcode http://git.sv.gnu.org/cgit/barcode.git/
-  bison   http://git.sv.gnu.org/gitweb/?p=bison.git
-  clisp   http://clisp.cvs.sourceforge.net/clisp/clisp/
-  coreutils   http://git.sv.gnu.org/gitweb/?p=coreutils.git
-  cmogstored  http://bogomips.org/cmogstored/
-  cpiohttp://git.sv.gnu.org/gitweb/?p=cpio.git
-  CSSChttp://git.savannah.gnu.org/cgit/cssc.git
-  cvs http://cvs.sv.gnu.org/viewcvs/cvs/ccvs/
-  cvsps   http://sourceforge.net/projects/cvsps/
-  diffutils   http://git.sv.gnu.org/cgit/diffutils.git/
-  emacs   http://bzr.savannah.gnu.org/lh/emacs/trunk/files
-  febootstrap http://people.redhat.com/~rjones/febootstrap/
-  findutils   http://git.sv.gnu.org/gitweb/?p=findutils.git
-  freedinkhttp://git.sv.gnu.org/gitweb/?p=freedink.git
-  gcalhttp://git.savannah.gnu.org/gitweb/?p=gcal.git
-  gdb http://sourceware.org/git/?p=gdb.git;a=summary
-  gettext http://git.sv.gnu.org/gitweb/?p=gettext.git
-  gengetopt   http://git.sv.gnu.org/gitweb/?p=gengetopt.git
-  gmediaserverhttp://cvs.sv.gnu.org/viewvc/gmediaserver/gmediaserver/
-  gnuit   http://www.gnu.org/software/gnuit/
-  http://git.savannah.gnu.org/gitweb/?p=gnuit.git
-  gnutls  http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/gnutls/?root=GNU+TLS+Library
-  http://git.sv.gnu.org/gitweb/?p=gnutls.git
-  http://repo.or.cz/w/gnutls.git
-  gpg http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/
-  gsasl   http://git.sv.gnu.org/gitweb/?p=gsasl.git
-  gss http://git.sv.gnu.org/gitweb/?p=gss.git
-  gtkreindeer http://git.sv.gnu.org/gitweb/?p=gtkreindeer.git
+  autobuild   https://josefsson.org/autobuild/
+  barcode https://git.sv.gnu.org/cgit/barcode.git/
+  bison   https://git.sv.gnu.org/gitweb/?p=bison.git
+  clisp   https://sourceforge.net/p/clisp/clisp/ci/default/tree/
+  coreutils   https://git.sv.gnu.org/gitweb/?p=coreutils.git
+  cmogstored  https://bogomips.org/cmogstored/
+  cpiohttps://git.sv.gnu.org/gitweb/?p=cpio.git
+  CSSChttps://git.savannah.gnu.org/cgit/cssc.git
+  cvs https://cvs.sv.gnu.org/viewcvs/cvs/ccvs/
+  cvsps   https://sourceforge.net/projects/cvsps/
+  diffutils   https://git.sv.gnu.org/cgit/diffutils.git/
+  emacs   https://bzr.savannah.gnu.org/lh/emacs/trunk/files
+  febootstrap https://people.redhat.com/~rjones/febootstrap/
+  findutils   https://git.sv.gnu.org/gitweb/?p=findutils.git
+  freedinkhttps://git.sv.gnu.org/gitweb/?p=freedink.git
+  gcalhttps://git.savannah.gnu.org/gitweb/?p=gcal.git
+  gdb https://sourceware.org/git/?p=gdb.git;a=summary
+  gettext https://git.sv.gnu.org/gitweb/?p=gettext.git
+  gengetopt   https://git.sv.gnu.org/gitweb/?p=gengetopt.git
+  gmediaserverhttps://cvs.sv.gnu.org/viewvc/gmediaserver/gmediaserver/
+  gnuit   https://www.gnu.org/software/gnuit/
+  https://git.savannah.gnu.org/gitweb/?p=gnuit.git
+  gnutls  https://www.gnutls.org/
+  https://gitlab.com/gnutls/gnutls.git
+  gpg https://gnupg.org/
+  https://git.gnupg.org/
+  gsasl   https://git.sv.gnu.org/gitweb/?p=gsasl.git
+  gss https://git.sv.gnu.org/gitweb/?p=gss.git
+  gtkreindeer https://git.sv.gnu.org/gitweb/?p=gtkreindeer.git
   gtk-vnc http://gtk-vnc.codemonkey.ws/hg/outgoing.hg
-  grephttp://git.sv.gnu.org/cgit/grep.git/
-  guile   http://git.sv.gnu.org/gitweb/?p=guile.git
-  gziphttp://git.sv.gnu.org/cgit/gzip.git/
-