[Surfraw-devel] Bug#856108: surfraw: most elvi use insecure URLs

Adam Borowski kilobyte at angband.pl
Sat Feb 25 06:52:15 UTC 2017

Package: surfraw
Version: 2.2.9-1
Severity: normal

All elvi point to http URLs, and at most sometimes allow an option to use
"experimental" SSL support with an old URL, such as wikipedia:
instead of https://$LANG.wikipedia.org/wiki/%s

I've checked ~10 at random, all of them not only support https as the
primary URL but even redirect http to https.

Thus, giving the query over http is strictly harmful: it allows an attacker
to spy on and/or redirect your queries, slows down the connection (there's
the redirect first) and gives no benefit in case either your browser or the
server has SSL problems, as the redirect will block access to http anyway.

So, please switch all sites to https.

More information about the Surfraw-devel mailing list