On 2018-09-04 15:05, eah2119 wrote:
The website ought to be using HTTPS to help protect its users against
man-in-the-middle attacks. I think this is especially important when
you're distributing a list of software package URLs
(http://www.linuxfromscratch.org/lfs/view/stable/wget-list). The list
itself should go over HTTPS and each listed software package should be
downloaded through HTTPS or some other secure protocol if possible.
Let's Encrypt is a free certificate authority you can use to enable
HTTPS on your site.
Cheers,
Evan
I believe DJ Lucas was working on some sort of proposal for this.
DJ, can you chime in?
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
