(The canonical location of this blog post is now "Why unauthenticated software download is dangerous and unethical" on my web site.)
Have you ever done svn checkout http://include-what-you-use.googlecode.com/svn/trunk/ include-what-you-use?
How about download; ./configure; make; make install when the connection is HTTP and you haven't checked your download against a cryptographic hash (e.g. SHA256) or public key (e.g. PGP) provided via an authenticated channel (e.g. HTTPS)? [1]
Have you ever done these while using coffee shop or train or cellular Internet without a VPN? Or even on home WiFi in a crowded area? [2]
It's not just your own security that these deeds put at risk.
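An added example, not from the original post: a POSIX shell gate that lets the build run only when the expected SHA-256 was obtained over HTTPS and matches the downloaded file. The function names, the file name and the URL are hypothetical.

```shell
#!/bin/sh
# Added example; names, file and URL below are hypothetical.

# True only when the hash was fetched over an authenticated channel (HTTPS).
is_authenticated_url() {
    case "$1" in
        https://*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Print the lowercase hex SHA-256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# verify_download FILE EXPECTED_HEX HASH_SOURCE_URL
# 0 = hash came over HTTPS and matches; 1 = mismatch (or unreadable file);
# 2 = hash source not HTTPS; 3 = expected value is not 64 hex digits.
verify_download() {
    vd_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if ! is_authenticated_url "$3"; then
        echo "refusing: hash source is not HTTPS: $3" >&2
        return 2
    fi
    case "$vd_expected" in
        ''|*[!0-9a-f]*) echo "refusing: malformed SHA-256" >&2; return 3 ;;
    esac
    [ "${#vd_expected}" -eq 64 ] || { echo "refusing: malformed SHA-256" >&2; return 3; }
    vd_actual=$(sha256_of "$1" 2>/dev/null)
    if [ "$vd_actual" != "$vd_expected" ]; then
        echo "refusing: SHA-256 mismatch for $1" >&2
        return 1
    fi
    return 0
}

# Usage: build only after the check passes.
#   verify_download pkg.tar.gz "$expected" "https://example.org/SHA256SUMS" \
#       && tar xzf pkg.tar.gz && cd pkg && ./configure && make && make install
```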