[gnutls-devel] Fwd: Devel page points to insecure cloning of GnuTLS

Synamics syn4m1cs at riseup.net
Sun Mar 9 11:46:28 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, good morning
The page http://www.gnutls.org/devel.html points to
"git://gitorious.org/gnutls/gnutls.git", which uses git protocol,
without authentication of the downloaded packages.
Why not subtitute it with https://gitorious.org/gnutls/gnutls.git ?
You have done a good job with GnuTLS, I'll try to help you at auditing it...
Good-Bye.
- -- 
Synamics synamics at riseup.net <mailto:synamics at riseup.net> GPG: 8BCC264B
(1570 A5FC 48D1 99C6 1C45 E847 567E 231A 8BCC 264B)
<http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x567E231A8BCC264B>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJTHEW1AAoJEFZ+IxqLzCZLJBcQAJnL99pc0LI0RrbvO91QVsS0
i6RG49+VhzF8NV1hDeBXeGXQ7ng5Z9HxlOh2RsXPbzLhsTIvm4QNyE0SWoDgBLn+
evGxaPX0NW+27sHe7GTFpQlDD/Eh0bR6yIOEMrRODcuyPK44nDngAmtzLsTMP4EP
mRt5ErbHzgB1B5/3O2PJs4ekIkZ65ZZntEJToD9LL5TCIVnAGxXMyGSv6xCV6CgN
ey14JdsKNP9Py4AcbG9aW91g+PzE83ULgNhs6cel0TrRoVAxfnm0AxfQAHeYRmI9
5PLc6KS9vpZSGQsVSU7vl4MmvIcsCvMT60eAbdXvElG5Z2Dr6KKsReta6fGMfefj
r9SlxzOd6MwlFpu1xw8q3tUvk1aPHrPnGrGShMiC1iRn7oVFqSDQaXmoej6CEirc
8Xp/DISPElpDdDgFm7o6ifyATrvmKyAoa2Miy6smTg5eJMJwPOKGPdysBorMoFGn
R0vksg8YL7s/sdb1XyBNqSrfXUM0xfcsxAnuW2A6iOZW+jTwHx4WhwhmlG00qKsG
GS4CxV9QddnCl05Gi1z1/0GjC4liWxQSs4aGlrWa7stIWfpudWveSfrMOSaHN8dU
WFR0BY6ITc6yWFBQSTKSkCMtFfBnpIOAG4o7n9R9G9iYK2xcFm3v+LiEpyHonECj
KbiS5gNJHqFDYb7SIjkD
=n0m4
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2291 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20140309/fe00506a/attachment.bin>


More information about the Gnutls-devel mailing list