Tim Rühsen wrote:
BTW, has there been some official statement and/or discussion about such a change ? Should we put it on gnu-prog-discuss ?
It's been years since I read gnu-prog-discuss, but you're welcome to raise the topic there. To me it's a no-brainer. Code injection attacks are easy with HTTP and can cause serious damage, and code is the lifeblood of the free-software movement. Nowadays it is almost irresponsible to encourage the use of HTTP to distribute code.
