Re: [PATCH] SCSI RDMA PROTOCOL (SRP) TARGET: Replace HTTP links with HTTPS ones
From: Alexander A. Klimov
Date: Sun Jul 12 2020 - 16:15:38 EST
Am 12.07.20 um 21:52 schrieb Bart Van Assche:
On 2020-07-10 11:12, Alexander A. Klimov wrote:
Am 10.07.20 um 16:22 schrieb Bart Van Assche:
On 2020-07-09 12:48, Alexander A. Klimov wrote:
diff --git a/drivers/infiniband/ulp/srpt/Kconfig b/drivers/infiniband/ulp/srpt/Kconfig
index 4b5d9b792cfa..f63b34d9ae32 100644
--- a/drivers/infiniband/ulp/srpt/Kconfig
+++ b/drivers/infiniband/ulp/srpt/Kconfig
@@ -10,4 +10,4 @@ config INFINIBAND_SRPT
ÂÂÂÂÂÂÂ that supports the RDMA protocol. Currently the RDMA protocol is
ÂÂÂÂÂÂÂ supported by InfiniBand and by iWarp network hardware. More
ÂÂÂÂÂÂÂ information about the SRP protocol can be found on the website
-ÂÂÂÂÂ of the INCITS T10 technical committee (http://www.t10.org/).
+ÂÂÂÂÂ of the INCITS T10 technical committee (https://www.t10.org/).
It is not clear to me how modifying an URL in a Kconfig file helps to
reduce the attack surface on kernel devs?
Not on all, just on the ones who open it.
Is changing every single HTTP URL in the kernel into a HTTPS URL the best
solution? Is this the only solution? Has it been considered to recommend
kernel developers who are concerned about MITM attacks to install a browser
extension like HTTPS Everywhere instead?
I've installed that addon myself.
But IMAO it's just a workaround which is (not available to all browsers,
not installed by default in any of them and) not even 100% secure unless
you tick a particular checkbox.
Anyway the majority of maintainers and Torvalds himself agree with my
solution.
I mean, just look at
git log '--author=Alexander A. Klimov <grandmaster@xxxxxxxxxxxx>' \
--oneline v5.7..master
Or (better) wait for v5.9-rc1 (and all the yet just applied patches it
will consist of) *and then* run the command.
Thanks,
Bart.