W dniu śro, 23.08.2017 o godzinie 11∶46 +0300, użytkownik Andrew
Savchenko napisał:
> On Sat, 19 Aug 2017 10:25:02 +0200 Michał Górny wrote:
> > Explicitly warn about any URI that uses an unsecure protocol (git, http)
> > even if it's a fallback URI. This is necessary because an attacker may
> > block HTTPS connections, effectively forcing the fallback to
> > the unsecure protocol.
>
> [...]
> > + local r
> > + for r in "${repos[@]}"; do
> > + if [[ ${r} == git:* || ${r} == http:* ]]; then
> > + ewarn "git-r3: ${r%%:*} protocol in unsafe and may be
> > subject to MITM attacks"
> > + ewarn "(even if used only as fallback). Please use
> > https instead."
> > + ewarn "[URI: ${r}]"
> > + fi
> > + done
> > +
>
> Sigh... https also makes MITM attacks possible, especially if SSL
> or TLS < 1.2 is used or are allowed and protocol version downgrade
> attack may be performed.
>
> Such messages create a false impression of a safety of https.
> Safety more or less can be gained by verifying GPG signatures and
> fingerprints of the upstream commits, if upstream supports this. Of
> course using https is better than using http or git, but better
> only by a bit.
>
Yes, we can do a whole long debate about problems with HTTPS. Yes, we
can do an even longer debate about all those fancy solutions that solve
all the problems in the world, except they're completely not applicable
in practice. People will become a lot wiser and/or depressed.
However, I'd rather do what I can practically do to make a real
difference. And I believe that making things a little safer is better
than claiming that nothing is safe, so let's just abandon all hope
and continue using completely unsecured protocols.
Nevertheless, I've changed the wording a bit to avoid giving this 'false
impression' that https is entirely secure.
--
Best regards,
Michał Górny
