http subversion URLs should be discontinued in favor of https URLs

Poul-Henning Kamp phk at phk.freebsd.dk
Sun Dec 10 19:57:34 UTC 2017


--------
In message <898df78d-c0b1-9e9f-0630-2665c3939960 at rawbw.com>, Yuri writes:

>3. The user updated the sources through Tor and got hacked.
>
>Where did this user go wrong, or where has he been irresponsible?

He trusted Tor?

In 2006 Steven Murdochs "Hot or Not" work in TCP timers revealed
that a LOT of the Tor network is on a longitude compatible with a
"Bandit of The Beltway" location.

If you still, elleven years later, seriously belive that Tor is
trustworthy, you shouldn't be allowed near any kind of security
decision.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


More information about the freebsd-security mailing list