1 |
On Sun, 29 Mar 2015 23:35:54 +0600 |
2 |
"Vadim A. Misbakh-Soloviov" <mva@×××.name> wrote: |
3 |
|
4 |
> Despite of all you're talking about is right from paranoid point of |
5 |
> view, I'd, anyway, say "DO NOT DO THAT", because you propose to |
6 |
> revoke the right of choice from the users. |
7 |
|
8 |
A "right of choice" from the user only makes sense if there is a |
9 |
reasonable choice. |
10 |
|
11 |
Just to take this to the extreme: Should we add a heartbleed-enabled |
12 |
version of openssl back to the portage tree? It's the choice of the |
13 |
user if they want to have heartbleed enabled, right? |
14 |
|
15 |
If there is no disadvantage for the more secure protocols then there is |
16 |
no need for a choice. |
17 |
|
18 |
> Moreover, there are some times where it is impossible to fetch |
19 |
> sources via "secure" way, but you need it right here and right now. |
20 |
|
21 |
This has been said before, also in the thread about the webpage. Can |
22 |
you say what times that would be? |
23 |
Basically these days it's not possible to use the mainstream internet |
24 |
without https (you can't search google or log into facebook without |
25 |
https). |
26 |
I'd really like to hear of any real world situation where this is an |
27 |
issue. |
28 |
|
29 |
-- |
30 |
Hanno Böck |
31 |
http://hboeck.de/ |
32 |
|
33 |
mail/jabber: hanno@××××××.de |
34 |
GPG: BBB51E42 |