Y
Hacker News
new
|
ask
|
show
|
jobs
by
throwuxiytayq
669 days ago
Huh? Are you really saying that downloading configuration files over HTTP is
fine
? (I’m really struggling to find a charitable interpretation)
3 comments
diffeomorphism
669 days ago
Of course it is. If you want security, you should secure the files (i.e., signatures, public key, whatever), not the carrier pigeon used to send them.
link
chgs
669 days ago
I think their argument is it shouldn’t download any configuration via any connection.
link
homero
668 days ago
No it's that HTTP means nothing
link
homero
668 days ago
Of course it's fine. You sign the files
link