[CentOS-devel] False statement about insecurity made on Wiki

Wed Feb 10 15:42:24 UTC 2021
Rich Bowen <rbowen at redhat.com>


On 2/9/21 3:48 PM, Chris Drake wrote:
> Your Wkii page here:
> 
> https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F 
> <https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F>
> 
> After discussion in which it was confirmed that TLS *could* be 
> implemented "but traditionally we have not done so", was just updated by 
> Manuel Wolfshant with the following lie:-
> 
> /Note: downloads are hosted on a mirror network, where we cannot mandate 
> that every mirror node runs SSL/TLS, hence using regular http and not 
> enforcing https/
> 
> False statements are disgusting to begin with, but ones that attempt to 
> excuse the lazy decision to put all CentOS customers at risk are totally 
> unacceptable.  LE is free and easy to use and setup - it's a no-brainer 
> to fix this problem, assuming someone isn't getting a kickback from some 
> 3-letter-agency to leave this exploitable security hole open ?

This kind of personal attack on our trusted, respected community members 
is simply not acceptable on this list.

Perhaps you would like to reach out to each of our mirror hosts and help 
them get LE set up on each of their servers?