[gnutls-help] Availability of gnutls.org over HTTPS

Marcin Szewczyk gnutls at wodny.org
Tue Feb 9 16:06:00 CET 2016


is there any particular reason for not having the gnutls.org available
over HTTPS?

I can imagine that a certificate has little meaning when one is
downloading GnuTLS because the only reasonable approach is to verify the
GPG signature on the source code.

But what if I just want to have a quick look at the template file[1] for
which it seems quite important not to serve it via a connection someone
can hijack? There is also a possibility of embedding malicious content
(e.g.  JavaScript code) via a MitM attack and targeting some of
gnutls.org visitors.

[1] http://www.gnutls.org/manual/gnutls.html#Certtool_0027s-template-file-format

Marcin Szewczyk

More information about the Gnutls-help mailing list