Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs
Hi Andreas,
> May be the lintian warning should be more explicit and say:
>
> d/watch is pointing to an ftp download location. Downloading
> from ftp sites is considered insecure when not using ftp over
> TLS.
Alas, without introducing a separate tag for ftp:// watch files, we
cannot conditionally output parts of a description.
The tag currently says:
The watch file uses an unencrypted transport protocol for the
URI. It is recommended to use a secure transport such as HTTPS for
anonymous read-only access.
... which does seem to cover the ftp:// case. Perhaps you were
thinking of something like:
The watch file uses an unencrypted transport protocol for the
URI such as http:// or ftp://. It is recommended to use a secure
transport such as HTTPS for anonymous read-only access.
.. but this doesn't really seem to change or improve clarity that
much, so I don't think I am 100% understanding the problem here or
am misinterpreting the original bug title - ftp:// URIs are
insecure.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
Reply to: