bsd.sites.mk: Do we prefer http or https (or both)
Adam Weinberger
adamw at adamw.org
Sat Mar 11 19:53:05 UTC 2017
> On 11 Mar, 2017, at 12:29, Tijl Coosemans <tijl at freebsd.org> wrote:
>
> On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger <adamw at adamw.org>
> wrote:
>> On 11 Mar, 2017, at 10:13, Tijl Coosemans <tijl at FreeBSD.org> wrote:
>>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich at freebsd.org (Jan
>>> Beich) wrote:
>>>> Tijl Coosemans <tijl at FreeBSD.org> writes:
>>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer
>>>>> <gerald at pfeifer.com> wrote:
>>>>>> As some of you may have seen, I have done a bit of work on
>>>>>> bsd.sites.mk recently.
>>>>>>
>>>>>> One question I ran into: If a site offers both HTTPS and HTTP,
>>>>>> which of the two do we prefer? (Or do we want to list both?)
>>>>>
>>>>> https first for people that run 'make makesum'.
>>>>
>>>> It was made MITM-friendly sometime ago.
>>>>
>>>> https://svnweb.freebsd.org/changeset/ports/324051
>>>
>>> Ugh, can portmgr approve the attached
>>> patch?<fetchenv.patch>_______________________________________________
>>
>> If distfiles from sites with invalid certificates won't fetch for
>> end-users, they won't fetch during makesum either.
>
> - Given that web browsers have become much less forgiving about such
> certificates this is probably much less of a problem nowadays.
> - Possibly, many of these errors are because users forgot to install
> ca_root_nss. We can hold port maintainers to a higher standard and
> expect them to have this installed.
> - Such sites should perhaps be removed from MASTER_SITES. If that's not
> possible FETCH_ENV can be set in the port Makefile.
I don't disagree with any point. Do you want to submit a PR so that an exp-run of sorts can see how many distfiles we're talking about?
# Adam
--
Adam Weinberger
adamw at adamw.org
https://www.adamw.org
More information about the freebsd-ports
mailing list