X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f X-Recipient: geda-user AT delorie DOT com X-Originating-IP: 88.129.21.118 Subject: Re: [geda-user] No https for pcb-rnd To: geda-user AT delorie DOT com References: <197408a7-1183-7805-6f84-7794386c52dc AT fastmail DOT com> <20210111235323 DOT GB9305 AT recycle DOT lbl DOT gov> From: "Nicklas SB Karlsson (nk AT nksb DOT online) [via geda-user AT delorie DOT com]" Message-ID: Date: Tue, 12 Jan 2021 06:55:29 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Reply-To: geda-user AT delorie DOT com Errors-To: nobody AT delorie DOT com X-Mailing-List: geda-user AT delorie DOT com X-Unsubscribes-To: listserv AT delorie DOT com Precedence: bulk Den 2021-01-12 kl. 01:44, skrev Erich Heinzle (a1039181 AT gmail DOT com) [via geda-user AT delorie DOT com]: > Indeed, if you don't trust the package maintainers and package > submission process for your distribution, and don't trust other > installed software like a browser from a 3rd party source, then https > is irrelevant, since your browser or local ssh libs can be compromised > to perform MITM attacks, and if you build from source, you need to > trust your compiler... but how do you build that from source.... If you work for the defense industry maybe you should check if author have suspicious name ;) Otherwise I do not care to much, do not think anyone is interested in the lousy circuits I made but even though I am not prepared to spend any time on it https would is first choice. Nicklas Karlsson