| 1 |
Andrew Savchenko posted on Sun, 29 Mar 2015 21:04:52 +0300 as excerpted: |
| 2 |
|
| 3 |
> On Sun, 29 Mar 2015 19:52:38 +0200 Sebastian Pipping wrote: |
| 4 |
>> On 29.03.2015 19:39, Andrew Savchenko wrote: |
| 5 |
>> > On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote: |
| 6 |
>> >> So I would like to propose that |
| 7 |
>> >> |
| 8 |
>> >> * support for Git access through https:// is activated, |
| 9 |
>> >> |
| 10 |
>> >> * Git access through http:// and git:// is deactivated, and |
| 11 |
>> > |
| 12 |
>> > Some people have https blocked. http:// and git:// must be available |
| 13 |
>> > read-only. |
| 14 |
>> |
| 15 |
>> They would not do online banking over http, right? Why would they run |
| 16 |
>> code with root privileges from http? |
| 17 |
> |
| 18 |
> Gentoo tree access is not even near on the same security scale as online |
| 19 |
> banking. |
| 20 |
|
| 21 |
The point is, if the gentoo tree is compromised and you install from it, |
| 22 |
everything you run including that online banking is now effectively |
| 23 |
compromised, so it most certainly *IS* at the same security scale as that |
| 24 |
online banking. Weakest link in the chain and all that... |
| 25 |
|
| 26 |
Unless of course you use something non-gentoo for that banking, or, I |
| 27 |
suppose, only do updates over "trusted" wireline connections (you trust |
| 28 |
your ISP, your gentoo mirror and its ISP, and all backbone connections in |
| 29 |
between), but do online banking over public wifi with unverified and |
| 30 |
untrusted hotspots... |
| 31 |
|
| 32 |
|
| 33 |
-- |
| 34 |
Duncan - List replies preferred. No HTML msgs. |
| 35 |
"Every nonfree program has a lord, a master -- |
| 36 |
and if you use the program, he is your master." Richard Stallman |
Archives