bsd.sites.mk: Do we prefer http or https (or both)
Mathieu Arnold
mat at FreeBSD.org
Mon Mar 13 13:06:21 UTC 2017
Le 11/03/2017 à 19:32, Eitan Adler a écrit :
> On 11 March 2017 at 09:13, Tijl Coosemans <tijl at freebsd.org> wrote:
>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich at freebsd.org (Jan Beich) wrote:
>>> Tijl Coosemans <tijl at FreeBSD.org> writes:
>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer <gerald at pfeifer.com> wrote:
>>>>> As some of you may have seen, I have done a bit of work on
>>>>> bsd.sites.mk recently.
>>>>>
>>>>> One question I ran into: If a site offers both HTTPS and HTTP,
>>>>> which of the two do we prefer? (Or do we want to list both?)
>>>> https first for people that run 'make makesum'.
>>> It was made MITM-friendly sometime ago.
>>>
>>> https://svnweb.freebsd.org/changeset/ports/324051
>> Ugh, can portmgr approve the attached patch?
> I can't approve on behalf of portmgr but I'd like to echo this
> request on behalf of ports-secteam. Maintainers rarely verify the
> hashes that makesum generates.
>
> I wish we can go further and filter out non-HTTPS sites during makesum.
This should be pretty easy to do with the existing MASTER_SORT feature.
--
Mathieu Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20170313/a5b14c6e/attachment.sig>
More information about the freebsd-ports
mailing list