Kevin Fenzi wrote: > On 8/10/19 4:12 AM, Björn Persson wrote: > > Rafal Luzynski wrote: > >> 9.08.2019 22:10 Jerry James <loganjerry@xxxxxxxxx> wrote: > >>> Source: https://ftp.gnu.org/pub/gnu/gettext/%{name}-%{version}.tar.xz > >> > >> Do we need to change ftp to https? > > > > That's the wrong question to ask. The right question is: What reason is > > there to choose an insecure protocol when HTTPS is available? > > I'm confused by this... https is already being used, it is just the > hostname that is 'ftp'. When I posted, gettext.spec in the master branch still said: Source: ftp://ftp.gnu.org/gnu/gettext/%{name}-%{tarversion}.tar.xz The spec that Jerry James posted changed the URI scheme to https, which is the right thing to do. That change is now also in Git. The URL field should also be changed by the way. www.gnu.org redirects HTTP requests to HTTPS, but there is no reason to give an attacker the chance to intercept the HTTP request and redirect you to a malicious server instead. Björn Persson
Attachment:
pgphB77XsRTPB.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
