>> I had this conversation on IRC. Anyone know if this is a problem? My web >> understanding is old.
>> --------------------------------------------------------------------- >> 06:11 < mchelen> any reason why ubuntustudio.org doesn't default to HTTPS? >> 07:56 < OvenWerks> mchelen: no idea. >> 09:15 < mchelen> OvenWerks: it's not great security practice, given that >> there are links to .iso downloads (which are also HTTP) >> 09:50 < OvenWerks> mchelen: that may be true, however, web page setup is >> not my thing. I am not sure who is doing web stuff right now. >> 09:59 < mchelen> OvenWerks: ok, yeah I wasn't sure where to create an >> issue or anything >> 09:59 < OvenWerks> mchelen: do you know if xubuntu's site is any >> different? I think the same person worked on both >> 10:01 < mchelen> OvenWerks: visiting http://xubuntu.org correctly >> redirects to https >> 10:04 < OvenWerks> mchelen: I will drop this coversation on the dev >> mailing list and see what comes from it. >> 10:36 < mchelen> OvenWerks: ok thanks! hopefully its just a matter of >> creating a redirect >> ---------------------------------------------------------------------- >> My understanding, is that https is useful when personal info is shared >> over the net. ubuntustudio.org is, so far as I can tell, one way. That is, >> we provide info/files and the user DL them, they do not sign in or give >> comments or anything. Am I missing something? *HTTPS** (also called *HTTP over Transport Layer Security <https://en.wikipedia.org/wiki/Transport_Layer_Security>* (*TLS*),[1] <https://en.wikipedia.org/wiki/HTTPS#cite_note-HTTP_Over_TLS-1> *HTTP over SSL*,[2] <https://en.wikipedia.org/wiki/HTTPS#cite_note-Enabling_HTTP_Over_SSL-2> and *HTTP Secure*[3] <https://en.wikipedia.org/wiki/HTTPS#cite_note-Secure_your_site_with_HTTPS-3> [4] <https://en.wikipedia.org/wiki/HTTPS#cite_note-What_is_HTTPS.3F-4>) is a communications protocol <https://en.wikipedia.org/wiki/Communications_protocol> for secure communication <https://en.wikipedia.org/wiki/Secure_communication> over a computer network <https://en.wikipedia.org/wiki/Computer_network> which is widely used on the Internet <https://en.wikipedia.org/wiki/Internet>. HTTPS consists of communication over Hypertext Transfer Protocol <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol> (HTTP) within a connection encrypted by Transport Layer Security, or its predecessor, Secure Sockets Layer. The main motivation for HTTPS is authentication <https://en.wikipedia.org/wiki/Authentication> of the visited website <https://en.wikipedia.org/wiki/Website> and protection of the privacy <https://en.wikipedia.org/wiki/Information_privacy> and integrity <https://en.wikipedia.org/wiki/Data_integrity> of the exchanged data. HTTPS provides authentication of the website and associated web server <https://en.wikipedia.org/wiki/Web_server> with which one is communicating, which protects against man-in-the-middle attacks <https://en.wikipedia.org/wiki/Man-in-the-middle_attack>. Additionally, it provides bidirectional encryption <https://en.wikipedia.org/wiki/Encryption> of communications between a client and server, which protects against eavesdropping <https://en.wikipedia.org/wiki/Eavesdropping> and tampering <https://en.wikipedia.org/wiki/Tamper-evident#Tampering> with or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party. *(https://en.wikipedia.org/wiki/HTTPS) Briefly speaking, there is the chance for the distributions to get infected by code injection due to man-in-the-middle attacks, subverting security and risking both project's integrity and systems information by making use of http protocol instead of https protocol for downloading the ISO images. *Helios Martínez Domínguez* Consorcio Cooperativo Cinematográfico Artístico Musical -- Director General helios.url.ph cccam.esy.es onu.url.ph AVISO LEGAL La información que contiene esta cuenta y este correo es privilegiada, confidencial, y se encuentra protegida por la Ley. Su contenido y archivos adjuntos son para uso exclusivo de los destinatarios arriba mencionados y su emisor. Cualquier intercepción, acceso, apertura, uso, difusión o copia no autorizada están estrictamente prohibidas. En caso de haber recibido su contenido por error u otra circunstancia, elimínelo y notifique inmediatamente a las autoridades pertinentes y al propietario del correo. Gracias. Ley_especial_contra_los_delitos_informaticos (Venezuela) <https://www.unodc.org/res/cld/document/ven/2001/ley-especial-contra-los-delitos-informaticos_html/Ley_especial_contra_los_delitos_informaticos.pdf> Privacidad y secreto de las telecomunicaciones - Incibe (España) <https://www.incibe.es/file/bNawLq3IyDBQLGk0udvtsA> CONVENTION ON THE PRIVILEDGES AND INMUNITIES OF THE UNITED NATIONS <http://www.un.org/en/ethics/pdf/convention.pdf>
-- ubuntu-studio-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel
