bsd.sites.mk: Do we prefer http or https (or both)
Eitan Adler
lists at eitanadler.com
Sat Mar 11 18:32:52 UTC 2017
On 11 March 2017 at 09:13, Tijl Coosemans <tijl at freebsd.org> wrote:
> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich at freebsd.org (Jan Beich) wrote:
>> Tijl Coosemans <tijl at FreeBSD.org> writes:
>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer <gerald at pfeifer.com> wrote:
>>>> As some of you may have seen, I have done a bit of work on
>>>> bsd.sites.mk recently.
>>>>
>>>> One question I ran into: If a site offers both HTTPS and HTTP,
>>>> which of the two do we prefer? (Or do we want to list both?)
>>>
>>> https first for people that run 'make makesum'.
>>
>> It was made MITM-friendly sometime ago.
>>
>> https://svnweb.freebsd.org/changeset/ports/324051
>
> Ugh, can portmgr approve the attached patch?
I can't approve on behalf of portmgr but I'd like to echo this
request on behalf of ports-secteam. Maintainers rarely verify the
hashes that makesum generates.
I wish we can go further and filter out non-HTTPS sites during makesum.
--
Eitan Adler
More information about the freebsd-ports
mailing list