Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

Markus Kilås (netmackan@quitter.se)'s status on Thursday, 04-Aug-2016 12:02:00 UTC Markus Kilås
- Computer and Network Security
Homebrew tells users to curl to bash without HTTPS. Complains on browser plugin changing to HTTPS... !security http://qttr.at/1ff7
In conversation Thursday, 04-Aug-2016 12:02:00 UTC from quitter.se permalink
Attachments
1. Homebrew website has invalid SSL cert, site without SSL informs users to curl to straight to bash · Issue #490 · Homebrew/brew
  
  from GitHub
  
  Looks like you're using a SSL cert for www.github.com rather than for http://brew.sh Edit: Logged this here before realising that it probably wasn't the correct place...
- Claes Wallin (韋嘉誠) repeated this.
- MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Thursday, 04-Aug-2016 12:12:09 UTC MMN-o ✅⃠
  in reply to
  
  @netmackan Haha, "If you don't trust http://brew.sh/, you can always get the instructions for the installer directly from its repository" <- yeah, but what about those who just trust the instructions because they don't know about all the horrible things that can happen with unencrypted HTTP?
  In conversation Thursday, 04-Aug-2016 12:12:09 UTC permalink
  Attachments
  1. Untitled attachment
- MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Thursday, 04-Aug-2016 12:13:14 UTC MMN-o ✅⃠
  in reply to
  - MMN-o ✅⃠
  @netmackan I don't understand how anyone can defend the argument "only stupid people would follow the instructions that we give". They should just give proper, secure instructions from the get-go.
  
  In conversation Thursday, 04-Aug-2016 12:13:14 UTC permalink

Public

Conversation

Notices

Feeds