On 05.05.20 03:14, Bruno Haible wrote: > Paul Eggert wrote: >>> We could switch the order such that Wget is the default and rsync is used >>> as a >>> fallback >> >> That sounds better than reverting, no? Perhaps you could propose a patch. > > No. From the point of security, "wget as default and rsync as fallback" is > just as bad as "rsync always". Why? [1] Look at the SSLv3 / TLSv1.0 history. > People believed that "SSLv3 is insecure, but since it's only used as a > fallback, it doesn't matter". Until someone discovered a way to trick the > fallback to be activated always [2]... > > rsync is not secure. We should not enable it again. > > Regarding the bootstrapping problem, why not build wget in two steps: > 1. Bootstrap with no PO files. This produces a non-internationalized wget > binary. > 2. Bootstrap again, using the wget binary from step 1 to fetch the PO files. > > The 'bootstrap' script has an option '--skip-po'. The gnulib-tool script > should behave the same way if you don't pass the --po-base=... option to it. > > If necessary, we can add another option to gnulib-tool to avoid fetching PO > files and/or to avoid the use of wget.
I fully agree with Bruno. We could also check for an existing wget in bootstrap.conf and set SKIP_PO=1 if not found. While it 'just works' it also disguises the real problem and the user might get something unexpected (non-internationalized wget). Regards, Tim > > Bruno > > [1] https://en.wikipedia.org/wiki/Downgrade_attack > [2] https://en.wikipedia.org/wiki/POODLE > >
signature.asc
Description: OpenPGP digital signature