[ubuntu-studio-devel] https://
Helios Martinez Dominguez
helios.cobain.stefani at gmail.com
Wed May 31 15:15:22 UTC 2017
>> I had this conversation on IRC. Anyone know if this is a problem? My web
>> understanding is old.
>> ---------------------------------------------------------------------
>> 06:11 < mchelen> any reason why ubuntustudio.org doesn't default to
HTTPS?
>> 07:56 < OvenWerks> mchelen: no idea.
>> 09:15 < mchelen> OvenWerks: it's not great security practice, given that
>> there are links to .iso downloads (which are also HTTP)
>> 09:50 < OvenWerks> mchelen: that may be true, however, web page setup is
>> not my thing. I am not sure who is doing web stuff right now.
>> 09:59 < mchelen> OvenWerks: ok, yeah I wasn't sure where to create an
>> issue or anything
>> 09:59 < OvenWerks> mchelen: do you know if xubuntu's site is any
>> different? I think the same person worked on both
>> 10:01 < mchelen> OvenWerks: visiting http://xubuntu.org correctly
>> redirects to https
>> 10:04 < OvenWerks> mchelen: I will drop this coversation on the dev
>> mailing list and see what comes from it.
>> 10:36 < mchelen> OvenWerks: ok thanks! hopefully its just a matter of
>> creating a redirect
>> ----------------------------------------------------------------------
>> My understanding, is that https is useful when personal info is shared
>> over the net. ubuntustudio.org is, so far as I can tell, one way. That
is,
>> we provide info/files and the user DL them, they do not sign in or give
>> comments or anything. Am I missing something?
*HTTPS** (also called *HTTP over Transport Layer Security
<https://en.wikipedia.org/wiki/Transport_Layer_Security>* (*TLS*),[1]
<https://en.wikipedia.org/wiki/HTTPS#cite_note-HTTP_Over_TLS-1> *HTTP over
SSL*,[2]
<https://en.wikipedia.org/wiki/HTTPS#cite_note-Enabling_HTTP_Over_SSL-2>
and *HTTP Secure*[3]
<https://en.wikipedia.org/wiki/HTTPS#cite_note-Secure_your_site_with_HTTPS-3>
[4] <https://en.wikipedia.org/wiki/HTTPS#cite_note-What_is_HTTPS.3F-4>) is
a communications protocol
<https://en.wikipedia.org/wiki/Communications_protocol> for secure
communication <https://en.wikipedia.org/wiki/Secure_communication>
over a computer
network <https://en.wikipedia.org/wiki/Computer_network> which is widely
used on the Internet <https://en.wikipedia.org/wiki/Internet>. HTTPS
consists of communication over Hypertext Transfer Protocol
<https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol> (HTTP) within a
connection encrypted by Transport Layer Security, or its predecessor,
Secure Sockets Layer. The main motivation for HTTPS is authentication
<https://en.wikipedia.org/wiki/Authentication> of the visited website
<https://en.wikipedia.org/wiki/Website> and protection of the privacy
<https://en.wikipedia.org/wiki/Information_privacy> and integrity
<https://en.wikipedia.org/wiki/Data_integrity> of the exchanged data.
HTTPS provides authentication of the website and associated web server
<https://en.wikipedia.org/wiki/Web_server> with which one is communicating,
which protects against man-in-the-middle attacks
<https://en.wikipedia.org/wiki/Man-in-the-middle_attack>. Additionally, it
provides bidirectional encryption <https://en.wikipedia.org/wiki/Encryption> of
communications between a client and server, which protects against
eavesdropping <https://en.wikipedia.org/wiki/Eavesdropping> and tampering
<https://en.wikipedia.org/wiki/Tamper-evident#Tampering> with or forging
the contents of the communication. In practice, this provides a reasonable
guarantee that one is communicating with precisely the website that one
intended to communicate with (as opposed to an impostor), as well as
ensuring that the contents of communications between the user and site
cannot be read or forged by any third party.
*(https://en.wikipedia.org/wiki/HTTPS)
Briefly speaking, there is the chance for the distributions to get infected
by code injection due to man-in-the-middle attacks, subverting security and
risking both project's integrity and systems information by making use of
http protocol instead of https protocol for downloading the ISO images.
*Helios Martínez Domínguez*
Consorcio Cooperativo Cinematográfico Artístico Musical -- Director General
helios.url.ph
cccam.esy.es
onu.url.ph
AVISO LEGAL
La información que contiene esta cuenta y este correo es privilegiada,
confidencial, y se encuentra protegida por la Ley.
Su contenido y archivos adjuntos son para uso exclusivo
de los destinatarios arriba mencionados y su emisor.
Cualquier intercepción, acceso, apertura, uso, difusión
o copia no autorizada están estrictamente prohibidas.
En caso de haber recibido su contenido por error u otra circunstancia,
elimínelo
y notifique inmediatamente a las autoridades pertinentes y al propietario
del correo.
Gracias.
Ley_especial_contra_los_delitos_informaticos (Venezuela)
<https://www.unodc.org/res/cld/document/ven/2001/ley-especial-contra-los-delitos-informaticos_html/Ley_especial_contra_los_delitos_informaticos.pdf>
Privacidad y secreto de las telecomunicaciones - Incibe (España)
<https://www.incibe.es/file/bNawLq3IyDBQLGk0udvtsA>
CONVENTION ON THE PRIVILEDGES AND INMUNITIES OF THE UNITED NATIONS
<http://www.un.org/en/ethics/pdf/convention.pdf>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-studio-devel/attachments/20170531/38af93cf/attachment-0001.html>
More information about the ubuntu-studio-devel
mailing list