Andrew Savchenko posted on Sun, 29 Mar 2015 21:04:52 +0300 as excerpted: > On Sun, 29 Mar 2015 19:52:38 +0200 Sebastian Pipping wrote: >> On 29.03.2015 19:39, Andrew Savchenko wrote: >> > On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote: >> >> So I would like to propose that >> >> >> >> * support for Git access through https:// is activated, >> >> >> >> * Git access through http:// and git:// is deactivated, and >> > >> > Some people have https blocked. http:// and git:// must be available >> > read-only. >> >> They would not do online banking over http, right? Why would they run >> code with root privileges from http? > > Gentoo tree access is not even near on the same security scale as online > banking.
The point is, if the gentoo tree is compromised and you install from it, everything you run including that online banking is now effectively compromised, so it most certainly *IS* at the same security scale as that online banking. Weakest link in the chain and all that... Unless of course you use something non-gentoo for that banking, or, I suppose, only do updates over "trusted" wireline connections (you trust your ISP, your gentoo mirror and its ISP, and all backbone connections in between), but do online banking over public wifi with unverified and untrusted hotspots... -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman