Charlie Li via plug on 20 Sep 2019 09:22:32 -0700


Re: [PLUG] The lock down?! Uhh.. why?


Joe Rosato via plug wrote:
> If you work with either RHEL or OracleLinux - has anyone noticed the
> recent push for https for repos?
> 
> What is the thinking here? Can't tell if I'm just old school or if this
> is.. well.. bad. The gpgcheck for signatures covers fears of
> bogus repos. Why add https?
> 
To add to Drew's cargo cult point (replying here because Drew cut all
the context), the popular browsers have been increasingly pushing for
HTTPS everything to the point where regular HTTP is more onerously
flagged than before. This then causes lesser-informed people to panic
when coming upon an HTTP endpoint, especially when it comes to a
software repository.

Personally, I'd prefer offering both HTTP and HTTPS without nudging one
over the other. Repressive environments and countries love to
man-in-the-middle HTTPS as a cheap way to monitor and deny data transfer
from "unapproved" sources.

-- 
Charlie "got eem" Li

(This email address is for mailing list use only; replace local-part
with vishwin for off-list communication)


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug