| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <58f25e61b285362ab28d14ac55d1cd632c460fa8.camel@perches.com>
Date: Fri, 26 Jun 2020 15:01:31 -0700
From: Joe Perches <joe@...ches.com>
To: Jonathan Corbet <corbet@....net>,
"Alexander A. Klimov" <grandmaster@...klimov.de>
Cc: mchehab+samsung@...nel.org, alexandre.belloni@...tlin.com,
nicolas.ferre@...rochip.com, robh@...nel.org,
j.neuschaefer@....net, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] Replace HTTP links with HTTPS ones: Documentation/arm
On Fri, 2020-06-26 at 15:09 -0600, Jonathan Corbet wrote:
> On Fri, 26 Jun 2020 21:44:08 +0200
> "Alexander A. Klimov" <grandmaster@...klimov.de> wrote:
>
> > Rationale:
> > Reduces attack surface on kernel devs opening the links for MITM
> > as HTTPS traffic is much harder to manipulate.
[]
> > Changes in v2:
> > Undone all handhelds.org changes and 0 of 0 wearablegroup.org changes.
>
> I wasn't asking that the changes be undone, I was asking that those links
> simply be removed. They are actively harmful - much more so than any http:
> links - and shouldn't be there. *Sigh*. I guess I'll just do that.
One argument to mark old/invalid links differently somehow is
that the wayback machine at archive.org may still have them.
But when the domain has been transferred to a 3rd party, it is
possibly harmful.
Another option might be to grab any archive.org content and
put it into a Documentation/archived/outdated directory or
the like.
For instance:
https://web.archive.org/web/20090423133742/http://www.handhelds.org/projects/h1940.html
Then gain, this might as well be prehistoric content.
Powered by blists - more mailing lists