svn commit: r464037 - head/irc/znc

Bryan Drewery bdrewery at FreeBSD.org
Mon Mar 12 16:58:45 UTC 2018


On 3/10/2018 1:58 AM, Jan Beich wrote:
> Alexey Dokuchaev <danfe at FreeBSD.org> writes:
> 
>> On Fri, Mar 09, 2018 at 05:58:31PM -0800, Bryan Drewery wrote:
>>
>>> This is a note in general, not specifically at you. But https for
>>> distfiles only achieves 2 things: 1. Privacy against someone snooping
>>> that you are downloading ZNC (is it really that important?) but still
>>> can see your DNS and connections to the ZNC site... and 2. It breaks
>>> proxy caching.  So I don't think MASTER_SITES should be converted to
>>> https in general.  There's this odd push for it lately but I don't see
>>> the benefit.
>>
>> Big +1 (HTTPS for distfiles is somewhat of a PITA for me as well).  Can
>> we please go back to plain good HTTP?  SHA256 provides enough assurance
>> against intermittent tampering with the distfiles.
> 
> "make makesum" has no MITM protection with HTTP. Maintainers may work
> on updates outside of jail due to convenience and exposure to crazy
> make.conf optimizations. Only after an update is ready it's tested in
> a poudriere jail.
> 

This is a very good point.

-- 
Regards,
Bryan Drewery
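
The "make makesum" point quoted above, as an added example that is not part of the original thread: a checksum only pins whatever bytes the maintainer fetched, so a copy altered in transit at makesum time is what users later verify against. The `makesum` and `verify` functions are simplified stand-ins for the ports framework (assumption: only the `SHA256`/`SIZE` distinfo lines are modelled), and the distfile name and contents are constructed.

```python
import hashlib
import re

# Constructed sample data: stand-ins for an upstream tarball and a copy altered in transit.
GENUINE = b"genuine upstream release tarball bytes\n"
TAMPERED = b"tarball bytes altered by an on-path attacker\n"
DISTFILE = "example-1.0.tar.gz"  # hypothetical distfile name


def makesum(name, data):
    """Mimic what 'make makesum' records: hash and size of whatever was fetched."""
    return "SHA256 ({0}) = {1}\nSIZE ({0}) = {2}\n".format(
        name, hashlib.sha256(data).hexdigest(), len(data))


def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    entries = {}
    for m in re.finditer(r"^(SHA256|SIZE) \((.+?)\) = (\S+)$", text, re.M):
        key, name, value = m.groups()
        entries.setdefault(name, {})[key] = int(value) if key == "SIZE" else value
    return entries


def verify(name, data, distinfo_text):
    """The check a later fetch performs against the committed distinfo."""
    entry = parse_distinfo(distinfo_text).get(name)
    if entry is None or "SHA256" not in entry or "SIZE" not in entry:
        return False  # incomplete entry: refuse rather than trust
    return (entry["SIZE"] == len(data)
            and entry["SHA256"] == hashlib.sha256(data).hexdigest())


def scenario(maintainer_fetch):
    """Maintainer runs makesum on what they fetched; users later get either copy."""
    distinfo = makesum(DISTFILE, maintainer_fetch)
    return {
        "user_gets_genuine": verify(DISTFILE, GENUINE, distinfo),
        "user_gets_tampered": verify(DISTFILE, TAMPERED, distinfo),
    }


if __name__ == "__main__":
    print("clean makesum:   ", scenario(GENUINE))
    print("poisoned makesum:", scenario(TAMPERED))
```

In the second scenario the genuine tarball fails verification and the altered one passes, which is why the integrity of the maintainer's own fetch matters even when every later fetch is checksum-verified.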
