[Popcon-developers] Bug#880121: popularity-contest: popcon-upload should be made to POST over https

Subject: [Popcon-developers] Bug#880121: popularity-contest: popcon-upload should be made to POST over https
From: mat.jonczyk@o2.pl (Mateusz Jończyk)
Date: Thu, 4 Jan 2018 10:54:42 +0100
Message-id: <[🔎] f3306ec8-ca17-c7df-bd14-fd4b78829738@o2.pl>
References: <20171029182127.tq6l3czg5borvb6p@betterave.cristau.org>

Hello,
It is known that NSA was using error messages from Windows to check which
software is installed on user computers and which software they can hack[1].

So uploading a list of installed software over plaintext is dangerous.

Please change severity to serious or higher.

>Maybe I am overoptimistic, but OpenPGP seems to be simpler and moving
>more slowly than TLS.
Internet Explorer 7 still can connect to most websites and was released
on October 18, 2006, which was 11 years ago.

IMHO it is more important to be secure then receive uploads from ancient clients.


Greetings,
Mateusz Jo?czyk

[1] http://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html

Reply to:

Follow-Ups:
- [Popcon-developers] Bug#880121: Bug#880121: popularity-contest: popcon-upload should be made to POST over https
  - From: ballombe@debian.org (Bill Allombert)

Next by Date: [Popcon-developers] Bug#880121: Bug#880121: popularity-contest: popcon-upload should be made to POST over https
Next by thread: [Popcon-developers] Bug#880121: Bug#880121: popularity-contest: popcon-upload should be made to POST over https
Index(es):
- Date
- Thread