Re: Changing guix download page from using HTTP to HTTPS
Leo Famulari skribis: > On Sun, Mar 05, 2017 at 11:15:25PM +0800, Alex Vong wrote: >> Hello, >> >> In the guix download page[0], it mentions "Source code for the Guix >> System Distribution USB installation images as well as GNU Guix can be >> found on the GNU ftp server for alpha releases: >> http://alpha.gnu.org/gnu/guix/ (via HTTP) and >> ftp://alpha.gnu.org/gnu/guix/ (via FTP).". >> >> Should we change "http://alpha.gnu.org/gnu/guix/ (via HTTP)" to >> "https://alpha.gnu.org/gnu/guix/ (via HTTPS)"? > > The web page is created from the guix-artwork repo: > > https://git.savannah.gnu.org/cgit/guix/guix-artwork.git > > You can send patches for that repo and then we will build the site and > deploy the changes with CVS (!). Yup! It’s a good idea Alex, please send a patch. Thanks, Ludo’.
Re: Changing guix download page from using HTTP to HTTPS
On 17-03-06 12:26:52, Alex Vong wrote: > Hello ng0, > > ng0 writes: > > > On 17-03-05 23:15:25, Alex Vong wrote: > >> Hello, > >> > >> In the guix download page[0], it mentions "Source code for the Guix > >> System Distribution USB installation images as well as GNU Guix can be > >> found on the GNU ftp server for alpha releases: > >> http://alpha.gnu.org/gnu/guix/ (via HTTP) and > >> ftp://alpha.gnu.org/gnu/guix/ (via FTP).". > >> > >> Should we change "http://alpha.gnu.org/gnu/guix/ (via HTTP)" to > >> "https://alpha.gnu.org/gnu/guix/ (via HTTPS)"? > >> > >> Cheers, > >> Alex > >> > >> [0]: https://www.gnu.org/software/guix/download/ > > > > > > > > The primary link should be https not ftp, I've asked about this in a > > thread which derailed and got not very much attention to the question I > > asked so far.. which was rewritting all occurences of ftp:// on the > > website to https:// for alpha.gnu.org. > > As it is, it is inaccessible for tor users. This would fix it. > > This thread is exactly my respond to your thread. I use tor myself as > well, so I have exactly the same problem as you do. (But as you have > noticed, it can be easily fixed by changing 'ftp' to 'https'.) Are you > suggesting to replace all instances of 'http' and 'ftp' to 'https'? Have > you already sent a patch? Yes, in https://debbugs.gnu.org/cgi/bugreport.cgi?bug=25980 for the download boxes, not for the change of links you proposed.
Re: Changing guix download page from using HTTP to HTTPS
Hello ng0, ng0 writes: > On 17-03-05 23:15:25, Alex Vong wrote: >> Hello, >> >> In the guix download page[0], it mentions "Source code for the Guix >> System Distribution USB installation images as well as GNU Guix can be >> found on the GNU ftp server for alpha releases: >> http://alpha.gnu.org/gnu/guix/ (via HTTP) and >> ftp://alpha.gnu.org/gnu/guix/ (via FTP).". >> >> Should we change "http://alpha.gnu.org/gnu/guix/ (via HTTP)" to >> "https://alpha.gnu.org/gnu/guix/ (via HTTPS)"? >> >> Cheers, >> Alex >> >> [0]: https://www.gnu.org/software/guix/download/ > > > > The primary link should be https not ftp, I've asked about this in a > thread which derailed and got not very much attention to the question I > asked so far.. which was rewritting all occurences of ftp:// on the > website to https:// for alpha.gnu.org. > As it is, it is inaccessible for tor users. This would fix it. This thread is exactly my respond to your thread. I use tor myself as well, so I have exactly the same problem as you do. (But as you have noticed, it can be easily fixed by changing 'ftp' to 'https'.) Are you suggesting to replace all instances of 'http' and 'ftp' to 'https'? Have you already sent a patch? signature.asc Description: PGP signature
Re: Changing guix download page from using HTTP to HTTPS
On 17-03-05 19:45:07, ng0 wrote: > On 17-03-05 13:25:47, Mike Gerwitz wrote: > > On Sun, Mar 05, 2017 at 16:32:16 +, ng0 wrote: > > > As it is, it is inaccessible for tor users. This would fix it. > > > > The FTP server you mean? rms has asked the FSF sysadmins to fix this as > > of a day or two ago, so hopefully that'll work soon. > > > > -- > > Mike Gerwitz > > Free Software Hacker+Activist | GNU Maintainer & Volunteer > > GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 > > Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB > > https://mikegerwitz.com > > > No, this won't fix the fact that port 21+20, the ones commonly used for > ftp, are commonly blocked by most relays. Switching to http OR https and > not making ftp the legacy protocol of choice will help here. > Unless rms went by my recommendation to offer onion services, but all I > know is that they are talking at the moment. > Sorry, I thought this was a very selective reply to the patch for the website I've sent today. But my reply still stands.
Re: Changing guix download page from using HTTP to HTTPS
On Sun, Mar 05, 2017 at 11:15:25PM +0800, Alex Vong wrote: > Hello, > > In the guix download page[0], it mentions "Source code for the Guix > System Distribution USB installation images as well as GNU Guix can be > found on the GNU ftp server for alpha releases: > http://alpha.gnu.org/gnu/guix/ (via HTTP) and > ftp://alpha.gnu.org/gnu/guix/ (via FTP).". > > Should we change "http://alpha.gnu.org/gnu/guix/ (via HTTP)" to > "https://alpha.gnu.org/gnu/guix/ (via HTTPS)"? The web page is created from the guix-artwork repo: https://git.savannah.gnu.org/cgit/guix/guix-artwork.git You can send patches for that repo and then we will build the site and deploy the changes with CVS (!). signature.asc Description: PGP signature
Re: Changing guix download page from using HTTP to HTTPS
On 17-03-05 13:25:47, Mike Gerwitz wrote: > On Sun, Mar 05, 2017 at 16:32:16 +, ng0 wrote: > > As it is, it is inaccessible for tor users. This would fix it. > > The FTP server you mean? rms has asked the FSF sysadmins to fix this as > of a day or two ago, so hopefully that'll work soon. > > -- > Mike Gerwitz > Free Software Hacker+Activist | GNU Maintainer & Volunteer > GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 > Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB > https://mikegerwitz.com No, this won't fix the fact that port 21+20, the ones commonly used for ftp, are commonly blocked by most relays. Switching to http OR https and not making ftp the legacy protocol of choice will help here. Unless rms went by my recommendation to offer onion services, but all I know is that they are talking at the moment.
Re: Changing guix download page from using HTTP to HTTPS
On Sun, Mar 05, 2017 at 11:15:25PM +0800, Alex Vong wrote: > Hello, > > In the guix download page[0], it mentions "Source code for the Guix > System Distribution USB installation images as well as GNU Guix can be > found on the GNU ftp server for alpha releases: > http://alpha.gnu.org/gnu/guix/ (via HTTP) and > ftp://alpha.gnu.org/gnu/guix/ (via FTP).". > > Should we change "http://alpha.gnu.org/gnu/guix/ (via HTTP)" to > "https://alpha.gnu.org/gnu/guix/ (via HTTPS)"? Absolutely. Everyone *should* verify the signatures, but I know that many people do not. HTTPS makes it harder to perform a man-in-the-middle attack on those users, and it also gives them some privacy. signature.asc Description: PGP signature
Re: Changing guix download page from using HTTP to HTTPS
On Sun, Mar 05, 2017 at 16:32:16 +, ng0 wrote: > As it is, it is inaccessible for tor users. This would fix it. The FTP server you mean? rms has asked the FSF sysadmins to fix this as of a day or two ago, so hopefully that'll work soon. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature
Re: Changing guix download page from using HTTP to HTTPS
On 17-03-05 23:15:25, Alex Vong wrote: > Hello, > > In the guix download page[0], it mentions "Source code for the Guix > System Distribution USB installation images as well as GNU Guix can be > found on the GNU ftp server for alpha releases: > http://alpha.gnu.org/gnu/guix/ (via HTTP) and > ftp://alpha.gnu.org/gnu/guix/ (via FTP).". > > Should we change "http://alpha.gnu.org/gnu/guix/ (via HTTP)" to > "https://alpha.gnu.org/gnu/guix/ (via HTTPS)"? > > Cheers, > Alex > > [0]: https://www.gnu.org/software/guix/download/ The primary link should be https not ftp, I've asked about this in a thread which derailed and got not very much attention to the question I asked so far.. which was rewritting all occurences of ftp:// on the website to https:// for alpha.gnu.org. As it is, it is inaccessible for tor users. This would fix it.