http subversion URLs should be discontinued in favor of https URLs
Poul-Henning Kamp
phk at phk.freebsd.dk
Sun Dec 10 19:57:34 UTC 2017
--------
In message <898df78d-c0b1-9e9f-0630-2665c3939960 at rawbw.com>, Yuri writes:
>3. The user updated the sources through Tor and got hacked.
>
>Where did this user go wrong, or where has he been irresponsible?
He trusted Tor?
In 2006 Steven Murdochs "Hot or Not" work in TCP timers revealed
that a LOT of the Tor network is on a longitude compatible with a
"Bandit of The Beltway" location.
If you still, elleven years later, seriously belive that Tor is
trustworthy, you shouldn't be allowed near any kind of security
decision.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list