bsd.sites.mk: Do we prefer http or https (or both)

Tijl Coosemans tijl at FreeBSD.org
Sat Mar 11 19:29:20 UTC 2017


On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger <adamw at adamw.org>
wrote:
> On 11 Mar, 2017, at 10:13, Tijl Coosemans <tijl at FreeBSD.org> wrote:
>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich at freebsd.org (Jan
>> Beich) wrote:  
>>> Tijl Coosemans <tijl at FreeBSD.org> writes:  
>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer
>>>> <gerald at pfeifer.com> wrote:  
>>>>> As some of you may have seen, I have done a bit of work on
>>>>> bsd.sites.mk recently.
>>>>> 
>>>>> One question I ran into:  If a site offers both HTTPS and HTTP, 
>>>>> which of the two do we prefer?  (Or do we want to list both?)    
>>>> 
>>>> https first for people that run 'make makesum'.    
>>> 
>>> It was made MITM-friendly some time ago.
>>> 
>>> https://svnweb.freebsd.org/changeset/ports/324051  
>> 
>> Ugh, can portmgr approve the attached
>> patch? <fetchenv.patch>
> 
> If distfiles from sites with invalid certificates won't fetch for
> end-users, they won't fetch during makesum either.

- Given that web browsers have become much less forgiving about such
  certificates this is probably much less of a problem nowadays.
- Possibly, many of these errors are because users forgot to install
  ca_root_nss.  We can hold port maintainers to a higher standard and
  expect them to have this installed.
- Such sites should perhaps be removed from MASTER_SITES.  If that's not
  possible FETCH_ENV can be set in the port Makefile.

