[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Discuss-gnuradio] Suggestion: Avoid using https in Pybombs recipes
From: |
Nowlan, Sean |
Subject: |
Re: [Discuss-gnuradio] Suggestion: Avoid using https in Pybombs recipes |
Date: |
Tue, 30 Jul 2013 16:04:41 +0000 |
If you "sudo make install" a compiled binary from spoofed git repository, your
botnet masters will thank you!
________________________________________
From: address@hidden address@hidden on behalf of Michael Ossmann address@hidden
Sent: Tuesday, July 30, 2013 11:52 AM
To: M Dammer
Cc: address@hidden
Subject: Re: [Discuss-gnuradio] Suggestion: Avoid using https in Pybombs recipes
On Tue, Jul 30, 2013 at 11:57:09AM +0100, M Dammer wrote:
>
> This may lower security, but as the software we are working with is
> opensource anyway I do not see the need for encryption.
There have been attacks against users of open source software via
automated software update and installation methods.
My two cents: fix certificate validation instead of dropping https.
_______________________________________________
Discuss-gnuradio mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/discuss-gnuradio