| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Nov 2020 16:46:31 +0000
From: David Howells <dhowells@...hat.com>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc: "Alexander A. Klimov" <grandmaster@...klimov.de>,
dhowells@...hat.com, keyrings@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH 9/9] encrypted-keys: Replace HTTP links with HTTPS ones
From: Alexander A. Klimov <grandmaster@...klimov.de>
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.
Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>
Signed-off-by: David Howells <dhowells@...hat.com>
---
include/keys/encrypted-type.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/keys/encrypted-type.h b/include/keys/encrypted-type.h
index 38afb341c3f2..abfcbe02001a 100644
--- a/include/keys/encrypted-type.h
+++ b/include/keys/encrypted-type.h
@@ -2,7 +2,7 @@
/*
* Copyright (C) 2010 IBM Corporation
* Copyright (C) 2010 Politecnico di Torino, Italy
- * TORSEC group -- http://security.polito.it
+ * TORSEC group -- https://security.polito.it
*
* Authors:
* Mimi Zohar <zohar@...ibm.com>
Powered by blists - more mailing lists