On 09/06/2018 01:42 PM, Bruce Dubbs wrote:
On 09/06/2018 01:01 PM, DJ Lucas wrote:
> People worry about encrypting http for
> downloads, but we also provide files via
> ftp like a lot of upstream does. Nobody
> seems to worry about that not being an
> encrypted connection.
> -- Bruce

Just adding this bit (modified) from offline conversation (now that I'm
sub'd).
This is true, however, the concern is MIM attacks. With a proxy in the
middle, it's obvious if using https as you will get a big red warning in
your browser. The files themselves can be obtained unencrypted, and we
don't really care as we can verify from the hashes that were obtained
from the books, whose content was delivered over a secure channel and so
not modified, at least not in transit.
--DJ
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page