| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Jul 2020 10:41:29 +0200
From: "Alexander A. Klimov" <grandmaster@...klimov.de>
To: Finn Thain <fthain@...egraphics.com.au>
Cc: geert@...ux-m68k.org, funaho@...ai.org,
linux-m68k@...ts.linux-m68k.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] m68k: Replace HTTP links with HTTPS ones
Am 19.07.20 um 09:51 schrieb Finn Thain:
> On Sat, 18 Jul 2020, Alexander A. Klimov wrote:
>
>> *Sigh* ... yes, doing everything one nice day is better that doing just
>> something right now.
>
> I wasn't saying "do everything possible or else do nothing". I was trying
> to point to the larger problem. The http links in the kernel source hardly
> seem to matter when nothing I read on HTTPS links is trustworthy.
>
>> But doing just something right now is better that doing nothing at all.
>>
>
> HTTPS is not new. MITM attack is as old as the Byzantian hills. Your
> rationale for doing "something right now" is apparently that you trust the
> people who maintain "kernel developers" browsers but mistrust the people
> who maintain some network links and switches. That's fine and you should
> set your policy accordingly. But you should not be surprised if others
> have different threat models -- especially when you fail to offer an
> actual case where this patch might have helped.
>
Really, I'm not interested in debates on principles here.
Just tell me either of these:
* You'll apply these changes of mine as-is
* You won't apply these changes of mine at all
* I shall undo particular changes (which ones?) and/or change the commit
message (how?) before you apply the others
Thx.
Powered by blists - more mailing lists