diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2017-09-16 13:03:36 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2017-09-16 13:25:44 -0700 |
| commit | 199e7a445040270fa5ef67623c56cde40d765199 (patch) | |
| tree | 79d5ad3495469737e8eb56be09b2e32f09cc1fed /t/targetclash.sh | |
| parent | f389ecb89acb7f51b6a9e8f41ebad3e45ac905a2 (diff) | |
| download | automake-199e7a445040270fa5ef67623c56cde40d765199.tar.gz | |
Prefer https: URLs
In Gnulib, Emacs, etc. we are changing ftp: and http: URLs to use
https:, to discourage man-in-the-middle attacks when downloading
software. The attached patch propagates these changes upstream to
Automake. This patch does not affect files that Automake is
downstream of, which I'll patch separately.
Althouth the resources are not secret, plain HTTP is vulnerable to
malicious routers that tamper with responses from GNU servers,
and this sort of thing is all too common when people in some other
countries browse US-based websites. See, for example:
Aceto G, Botta A, Pescapé A, Awan MF, Ahmad T, Qaisar
S. Analyzing internet censorship in Pakistan. RTSI
2016. https://dx.doi.org/10.1109/RTSI.2016.7740626
HTTPS is not a complete solution here, but it can be a significant
help. The GNU project regularly serves up code to users, so we should
take some care here.
Diffstat (limited to 't/targetclash.sh')
| -rw-r--r-- | t/targetclash.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/t/targetclash.sh b/t/targetclash.sh index dea195623..e9c91f316 100644 --- a/t/targetclash.sh +++ b/t/targetclash.sh @@ -12,7 +12,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # Check that target clashes are diagnosed. |