[gentoo-dev] [RFC] Using HTTPS mirrors only in thirdpartymirrors (when possible)

public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-dev <gentoo-dev@lists.gentoo.org>
Subject: [gentoo-dev] [RFC] Using HTTPS mirrors only in thirdpartymirrors (when possible)
Date: Sun, 29 Sep 2019 11:56:19 +0200	[thread overview]
Message-ID: <a88232f5ca7589de2caaec3490b9eaa56233d841.camel@gentoo.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 918 bytes --]

Hi,

Historically, the majority of our 'thirdpartymirrors' use HTTP or FTP. 
I've been putting some effort into switching to HTTPS whenever possible
(i.e. when the server's running HTTPS and has a valid certificate). 
However, the way things work people still have a pretty good chance of
hitting HTTP or FTP mirror instead.

Hence, I'd like to propose that whenever thirdpartymirrors contain HTTPS
mirrors for the group in question, we remove all HTTP and FTP
alternatives.  This way, if mirror:// is actually utilized, people won't
unnecessarily use unsecured connections.

I believe this falls in line with the generic policy of preferring HTTPS
over HTTP/FTP URIs.

Why is it useful?  In my opinion, the most important point is that it
stops third parties from sniffing what the Gentoo hosts are fetching
and using this information against them.

WDYT?

-- 
Best regards,
Michał Górny

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 618 bytes --]

next             reply	other threads:[~2019-09-29  9:56 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-29  9:56 Michał Górny [this message]
2019-09-29 11:35 ` [gentoo-dev] [RFC] Using HTTPS mirrors only in thirdpartymirrors (when possible) Piotr Karbowski
2019-09-29 14:54 ` Thomas Deutschmann
2019-09-29 15:48   ` Michał Górny
2019-09-30  5:04 ` Ulrich Mueller
2019-09-30  5:35   ` Michał Górny
2019-09-30 20:30     ` Chí-Thanh Christopher Nguyễn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a88232f5ca7589de2caaec3490b9eaa56233d841.camel@gentoo.org \
    --to=mgorny@gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox