[LAD] https for linuxaudio.org

[David Runge]

Hey Ralf,

On 2017-11-21 06:44:27 (+0100), Ralf Mardorf wrote:
> for security reasons developers should consider to provide signed
> checksums, as fortunately e.g.
> https://www.kernel.org/category/signatures.html does. This was
> discussed at e.g. Arch general.
That is right. I am not sure, how many can be convinced in the near
future. Asking is cheap, though, so would that work for you Fons? :)

> Not that much, since even when additionally using TOR, privacy isn't
> ensured without exceptions,
> https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting .
That of course is also true and thanks for pointing it out.
When writing, I was more thinking of subdomains hosting applications,
that require authentication (then seeing, that e.g.
{lists,wiki}.linuxaudio.org already facilitate letsencrypt certs).

Of course, given the right tools and infrastructure, it gets
increasingly harder to achieve some form of privacy.
However, that's no reason not to aim for the maximum amount thereof.

In any case (unless your ssl is broken) and however one wants to turn
it: It is beneficial to implement https and I'm happy to hear it will be
done.

Best,
David

-- 
https://sleepmap.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.linuxaudio.org/pipermail/linux-audio-dev/attachments/20171126/74ee4871/attachment.pgp>