[CentOS-devel] False statement about insecurity made on Wiki

Tue Feb 9 20:48:31 UTC 2021
Chris Drake <cryptophoto at gmail.com>

Your Wkii page here:

https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F

After discussion in which it was confirmed that TLS *could* be
implemented "but traditionally we have not done so", was just updated by
Manuel Wolfshant with the following lie:-

*Note: downloads are hosted on a mirror network, where we cannot mandate
that every mirror node runs SSL/TLS, hence using regular http and not
enforcing https*

False statements are disgusting to begin with, but ones that attempt to
excuse the lazy decision to put all CentOS customers at risk are totally
unacceptable.  LE is free and easy to use and setup - it's a no-brainer to
fix this problem, assuming someone isn't getting a kickback from some
3-letter-agency to leave this exploitable security hole open ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20210210/cc64ad7d/attachment-0004.html>