lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <98c2eed7-8d3e-a542-84af-492cf3efc313@al2klimov.de>
Date:   Sun, 19 Jul 2020 10:41:29 +0200
From:   "Alexander A. Klimov" <grandmaster@...klimov.de>
To:     Finn Thain <fthain@...egraphics.com.au>
Cc:     geert@...ux-m68k.org, funaho@...ai.org,
        linux-m68k@...ts.linux-m68k.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] m68k: Replace HTTP links with HTTPS ones



Am 19.07.20 um 09:51 schrieb Finn Thain:
> On Sat, 18 Jul 2020, Alexander A. Klimov wrote:
> 
>> *Sigh* ... yes, doing everything one nice day is better that doing just
>> something right now.
> 
> I wasn't saying "do everything possible or else do nothing". I was trying
> to point to the larger problem. The http links in the kernel source hardly
> seem to matter when nothing I read on HTTPS links is trustworthy.
> 
>> But doing just something right now is better that doing nothing at all.
>>
> 
> HTTPS is not new. MITM attack is as old as the Byzantian hills. Your
> rationale for doing "something right now" is apparently that you trust the
> people who maintain "kernel developers" browsers but mistrust the people
> who maintain some network links and switches. That's fine and you should
> set your policy accordingly. But you should not be surprised if others
> have different threat models -- especially when you fail to offer an
> actual case where this patch might have helped.
> 
Really, I'm not interested in debates on principles here.

Just tell me either of these:

* You'll apply these changes of mine as-is
* You won't apply these changes of mine at all
* I shall undo particular changes (which ones?) and/or change the commit 
message (how?) before you apply the others

Thx.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ