On Tue, Dec 05, 2017 at 11:18:45PM +0000, RW via freebsd-security wrote: > On Tue, 5 Dec 2017 14:08:49 -0800 > Gordon Tetlow wrote: > > > > Using this as a reason to not move to HTTPS is a fallacy. We should do > > everything we can to help our end-users get FreeBSD in the most secure > > way. > > I think it's more a question of whether all users should be forced onto > https even if it might prevent some users from getting security updates.
I agree with this sentiment. I would like https to be the default with http being an explicit decision on the user's end to use. This way, the naive user can get the benefits of encryption in transit while a knowledgable user can accept the risk of getting updates via http. Best, Gordon _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
