FTP,HTTP → HTTPS in GNU Standards

bug-standards

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FTP,HTTP → HTTPS in GNU Standards

From:	Paul Eggert
Subject:	FTP,HTTP → HTTPS in GNU Standards
Date:	Sat, 16 Sep 2017 16:15:34 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

In Gnulib, Emacs, etc. we are changing URLs to use https: instead of ftp: andhttp:, to discourage man-in-the-middle attacks when downloading software. Theattached patch propagates these changes upstream to the GNU Coding Standards.

Although the GNU Coding Standards are not secret, plain HTTP is vulnerable tomalicious routers that tamper with responses from GNU servers, and this sort ofthing is all too common when people in some other countries browse US-basedwebsites. See, for example:

Aceto G, Botta A, Pescapé A, Awan MF, Ahmad T, Qaisar S. Analyzing internetcensorship in Pakistan. RTSI 2016. https://dx.doi.org/10.1109/RTSI.2016.7740626


HTTPS is not a complete solution here, but it can be a significant help.

gnustandards-https.diff
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

FTP,HTTP → HTTPS in GNU Standards, Paul Eggert <=
- Re: FTP,HTTP → HTTPS in GNU Standards, Rical Jasan, 2017/09/17
- Re: FTP,HTTP -> HTTPS in GNU Standards, Alfred M. Szmidt, 2017/09/17
  - Re: FTP,HTTP -> HTTPS in GNU Standards, Paul Eggert, 2017/09/17

Prev by Date: Re: Circumstances in which ChangeLog format is no longer useful
Next by Date: Re: FTP,HTTP → HTTPS in GNU Standards
Previous by thread: Outdated gpg instruction
Next by thread: Re: FTP,HTTP → HTTPS in GNU Standards
Index(es):
- Date
- Thread