Bug#810381: debian-policy: Update wording of 5.6.26 VCS-* fields to reflect the need for security
On Thu, 24 Aug 2017, Sean Whitton wrote:
> Seconded, but I think the integrity protection is a more important
> reason to avoid the git protocol or http, so if we can come up with a
> further change to reflect that it would be better.
Attacking the integrity of the messages in transit requires active MITM
attacks for all three protocols (http, https, git).
https *without* strong certificate validation has no defense against
active MITM, i.e. it does *not* protect message integrity against
attacks.
And since all of the required PKI for https to do strong certificate
validation is out-of-band, we have to assume naive https use.
So, no, this is not about integrity. It is, at most, about privacy
against passive eavesdropers. If you want integrity, a lot more is
needed.
--
Henrique Holschuh
Reply to: