Hi Andreas, > May be the lintian warning should be more explicit and say: > > d/watch is pointing to an ftp download location. Downloading > from ftp sites is considered insecure when not using ftp over > TLS.
Alas, without introducing a separate tag for ftp:// watch files, we cannot conditionally output parts of a description. The tag currently says: The watch file uses an unencrypted transport protocol for the URI. It is recommended to use a secure transport such as HTTPS for anonymous read-only access. ... which does seem to cover the ftp:// case. Perhaps you were thinking of something like: The watch file uses an unencrypted transport protocol for the URI such as http:// or ftp://. It is recommended to use a secure transport such as HTTPS for anonymous read-only access. .. but this doesn't really seem to change or improve clarity that much, so I don't think I am 100% understanding the problem here or am misinterpreting the original bug title - ftp:// URIs are insecure. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-