Follow-up Comment #4, sr #109093 (project administration): I might want to add that this is also criteria C6 of the GNU ethical repository criteria.
https://www.gnu.org/software/repo-criteria.html It appears that this issue was overlooked in the evaluation of Savannah (given an A grade) https://www.gnu.org/software/repo-criteria-evaluation.html To reiterate, while releases can generally be downloaded over HTTPS and verified by GNUGPG regardless, the same is not yet true for the developmental sources. As it stands right now, anyone who wants to download the developmental sources is vulnerable to spyware, backdoors, etc. being snuck in while it is in transit by anyone between the person's computer and the GNU servers (depending where one is in the world, that could go through the borders of several countries, most of which have governments who would not be above doing it, though probably only for targetted people). _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/support/?109093> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
