[mc-devel] Request to Use HTTPS for Improved Security on Midnight Commander FTP.

Kirill Rekhov krekhov.dev at mail.ru
Fri Aug 16 21:22:51 UTC 2024


Hello, are there any administrators of http://ftp.midnight-commander.org/ here? I was looking at the
output of the `lintian` utility of the `mc` package in Debian, and I noticed the following:

-> debian-watch-uses-insecure-uri [debian/watch]

The `debian/watch` file of the `mc-4.8.31` package looks like this:
version=3
http://ftp.midnight-commander.org/mc-([\d\.]+)\.tar\.xz

An insecure connection (HTTP) is used, no HTTPS. I want to point out:

1. HTTPS ensures that the data has not been modified in transit. This is especially important for
packets, to ensure that they have not been tampered with or modified.

2. HTTPS ensures that you are connecting to the real server, and not some fake site. This helps
prevent man-in-the-middle (MITM) attacks.

3. Although the packages may be publicly available, using HTTPS prevents monitoring and tracking of
exactly which packages you download. This protects your privacy.

Could you use HTTPS? It's more secure.

---
Kirill Rekhov


More information about the mc-devel mailing list