http subversion URLs should be discontinued in favor of https URLs
Yuri
yuri at rawbw.com
Tue Dec 5 20:59:27 UTC 2017
I suggested this PR, but it got rejected:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224097
http is insecure in its nature, and is an easy target for MITM. This is
why https should be preferred. http needs to be discontinued and shut
down because as long as it exists somebody will keep using it and will
be in danger.
Few years ago Wikimedia Foundation switched to https and discontinued
http entirely:
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https
I think this makes a lot of sense, and FreeBSD should do the same.
It's understood that a lot of arguments can be made for and against
this, like with any other issue, but security argument should outweigh
most or all other arguments.
Regards,
Yuri
More information about the freebsd-security
mailing list