TeX Live future access in danger

Zdenek Wagner zdenek.wagner at gmail.com
Sat Apr 13 11:22:00 CEST 2019


so 13. 4. 2019 v 10:53 odesílatel Markus Kohm <markus.kohm at gmx.de> napsal:
>
> Am Samstag, 13. April 2019, 10:06:03 CEST schrieb Zdenek Wagner:
> >  If a page is loaded via https and the page
> > contains a lik with http, then, if I understand it well, the browser
> > will refuse to load it.
>
> Links are no problem. Problematic are resources like javascript, css, images,
> audio or videos which are shown on the page. So real https-pages are not
> allowed load http without extra user action. But links that need a click-
> action by the user are not a problem.
>
The web says among others:

The idea, according to Google, is to block any of these files when the
download takes place via an HTTP connection, even if the site the user
is downloading the data from is loaded via secure HTTPS.

Thus if I understand it well, links to such files _will_ be a problem.
Anyway, such blocking is IMHO nonsense. It will block real malware for
a few days, maybe even just for a few hours because setting HTTPS on a
malware server is very easy.

> Markus


Zdeněk Wagner
http://ttsm.icpf.cas.cz/team/wagner.shtml
http://icebearsoft.euweb.cz



More information about the tex-live mailing list