[gnutls-help] Availability of gnutls.org over HTTPS
Marcin Szewczyk
gnutls at wodny.org
Tue Feb 9 16:06:00 CET 2016
Hi,
is there any particular reason for not having the gnutls.org available
over HTTPS?
I can imagine that a certificate has little meaning when one is
downloading GnuTLS because the only reasonable approach is to verify the
GPG signature on the source code.
But what if I just want to have a quick look at the template file[1] for
which it seems quite important not to serve it via a connection someone
can hijack? There is also a possibility of embedding malicious content
(e.g. JavaScript code) via a MitM attack and targeting some of
gnutls.org visitors.
[1] http://www.gnutls.org/manual/gnutls.html#Certtool_0027s-template-file-format
--
Marcin Szewczyk
http://wodny.org
More information about the Gnutls-help
mailing list