linux-audio-dev: Re: [LAD] https for linuxaudio.org

From: Ralf Mardorf <ralf.mardorf@email-addr-hidden-dsl.net>
Date: Sun Nov 26 2017 - 18:56:33 EET

On Sun, 26 Nov 2017 16:51:53 +0100, David Runge wrote:
>> Not that much, since even when additionally using TOR, privacy isn't
>> ensured without exceptions,
>> https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting .
>That of course is also true and thanks for pointing it out.
>When writing, I was more thinking of subdomains hosting applications,
>that require authentication (then seeing, that e.g.
>{lists,wiki}.linuxaudio.org already facilitate letsencrypt certs).
>
>Of course, given the right tools and infrastructure, it gets
>increasingly harder to achieve some form of privacy.
>However, that's no reason not to aim for the maximum amount thereof.
>
>In any case (unless your ssl is broken) and however one wants to turn
>it: It is beneficial to implement https and I'm happy to hear it will
>be done.

Btw. when I asked to provide Ardour for Arch with disabling the phone
home option, as Debian and Ubuntu already did, it was not because I had
concerns regarding upstream, I've done this, e.g. because activists use
Ardour and at the same time TOR browser, without redirecting all
traffic trough the onion. I'm pro ever little step to grant more
privacy by default, https is one of those steps. Actually ssl is much
known to the masses for Heartbleed, not for security and it's
kinda always in a broken state.

[rocketmouse@email-addr-hidden ~]$ arch-audit | grep ssl
Package openssl-1.0 is affected by CVE-2017-3736, CVE-2017-3735. Medium risk!

Ok, no output for openssl yet, just for openssl-1.0, however taking a
look at...

[rocketmouse@email-addr-hidden ~]$ pactree -r openssl-1.0
[snip]
[rocketmouse@email-addr-hidden ~]$ pactree -r openssl
[snip]

...we should take in consideration that ssl isn't the universal
salvation.

But again, I agree with you, https is better than no https ;).

Regards,
Ralf
_______________________________________________
Linux-audio-dev mailing list
Linux-audio-dev@email-addr-hidden
https://lists.linuxaudio.org/listinfo/linux-audio-dev
Received on Sun Nov 26 20:15:02 2017

This archive was generated by hypermail 2.1.8 : Sun Nov 26 2017 - 20:15:03 EET