TeX Live future access in danger
Nelson H. F. Beebe
beebe at math.utah.edu
Fri Apr 12 22:30:52 CEST 2019
The SANS security list today carries a pointer to this story:
Google Chrome engineers want to block some HTTP file downloads
https://www.zdnet.com/article/google-chrome-engineers-want-to-block-some-http-file-downloads/
The story notes:
>> ...
>> According to a proposal the browser maker has put forward yesterday,
>> only the download of certain "high-risk" file types will be blocked by
>> default.
>>
>> This includes EXE (Windows application binary), DMG (Mac application
>> binary), CRX (Chrome extension package), and all the major archive
>> formats, like ZIP, GZIP, BZIP, TAR, RAR, and 7Z.
>> ...
I personally view this as totally wrong-headed, and also easily
subverted by the creation of encrypted data streams transferred under
innocuous names. Nevertheless, if implemented, it could be a
significant problem for Web sites with downloadable content, include
TeX Live and CTAN mirrors.
-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: beebe at math.utah.edu -
- 155 S 1400 E RM 233 beebe at acm.org beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
More information about the tex-live
mailing list