View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003476 | OpenFOAM | Bug | public | 2020-04-03 21:14 | 2020-04-09 22:48 |
Reporter | kryptomatrix | Assigned To | administrator | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Summary | 0003476: Security vulnerability in the documentation | ||||
Description | Here: https://openfoam.org/download/7-ubuntu/ you tell users to run sudo sh -c "wget -O - http://dl.openfoam.org/gpg.key | apt-key add -", but downloading via http is insecure; you should make dl.openfoam.org use https. Here: https://openfoam.org/download/source/downloading-source-code/ you tell users to use git clone git://... which is also insecure. Quote from the manual (https://git-scm.com/docs/git-clone): "The native transport (i.e. git:// URL) does no authentication and should be used with caution on unsecured networks." | ||||
Tags | No tags attached. | ||||
|
Thanks for the suggestions here: 1) For the Ubuntu installation, see changes: https://openfoam.org/download/7-ubuntu. We have changed the key download to https://. We retained the repository as http:// since we found problems with it in the past, and the key will authenticate the downloaded pack anyway. 2) For the git clone, we followed your suggestion and removed the git:// protocol: https://openfoam.org/download/source/downloading-source-code |
|
Resolved, I assume. |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-04-03 21:14 | kryptomatrix | New Issue | |
2020-04-06 16:24 | chris | Note Added: 0011282 | |
2020-04-09 22:48 | administrator | Assigned To | => administrator |
2020-04-09 22:48 | administrator | Status | new => closed |
2020-04-09 22:48 | administrator | Resolution | open => fixed |
2020-04-09 22:48 | administrator | Note Added: 0011284 |
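
As an added example (not part of the original issue and not OpenFOAM's own tooling), the shell function below scans install instructions for the two patterns raised in this report: a signing key fetched over plain http and piped into a keyring tool, and a `git clone` over `git://`. The function names, rule labels and `example.invalid` URLs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag install instructions that fetch a trust anchor or
# source code over an unauthenticated transport. Rule labels are hypothetical.

# audit_transport: reads instruction lines on stdin, prints "LINE:RULE" for
# each finding, and returns 1 if anything was flagged, 0 otherwise.
audit_transport() {
    awk '
        # A signing key fetched over plain http and handed to apt-key or gpg:
        # anyone able to tamper with the connection chooses the trusted key.
        /(wget|curl)[^|]*http:\/\/[^|]*\|[^|]*(apt-key[ \t]+add|gpg)/ {
            print NR ":KEY_OVER_HTTP"; found = 1; next
        }
        # git:// is the native transport, which does no authentication.
        /git[ \t]+clone[ \t]+([^ \t]+[ \t]+)*git:\/\// {
            print NR ":GIT_NATIVE_TRANSPORT"; found = 1; next
        }
        # A plain-http "deb" repository line is deliberately not flagged:
        # APT checks the signed repository metadata against the trusted key,
        # so the key fetch is the step that must be authenticated.
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample input. Line 1 is the command quoted in the report and
# line 2 its https form; the remaining URLs are placeholders.
sample_instructions() {
    cat <<'EOF'
sudo sh -c "wget -O - http://dl.openfoam.org/gpg.key | apt-key add -"
sudo sh -c "wget -O - https://dl.openfoam.org/gpg.key | apt-key add -"
deb http://repo.example.invalid/ubuntu focal main
git clone git://example.invalid/project.git
git clone https://example.invalid/project.git
EOF
}

# Stand-alone run: report findings for the sample lines.
sample_instructions | audit_transport || echo "insecure transport found"
```

Piping a documentation page or install script into `audit_transport` gives a non-zero exit status on any finding, so it can gate a documentation build.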