bsd.sites.mk: Do we prefer http or https (or both)

Tijl Coosemans tijl at FreeBSD.org
Mon Mar 13 16:14:48 UTC 2017


On Mon, 13 Mar 2017 09:32:13 -0600 Adam Weinberger <adamw at adamw.org> wrote:
> On 13 Mar, 2017, at 7:32, Tijl Coosemans <tijl at freebsd.org> wrote:
>> On Sat, 11 Mar 2017 14:25:13 -0700 Adam Weinberger <adamw at adamw.org>
>> wrote:
>>>> On 11 Mar, 2017, at 12:53, Adam Weinberger <adamw at adamw.org> wrote:
>>>>> On 11 Mar, 2017, at 12:29, Tijl Coosemans <tijl at freebsd.org> wrote:
>>>>> On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger <adamw at adamw.org>
>>>>> wrote:
>>>>>> On 11 Mar, 2017, at 10:13, Tijl Coosemans <tijl at FreeBSD.org>
>>>>>> wrote:
>>>>>>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich at freebsd.org (Jan
>>>>>>> Beich) wrote:
>>>>>>>> Tijl Coosemans <tijl at FreeBSD.org> writes:
>>>>>>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer
>>>>>>>>> <gerald at pfeifer.com> wrote:
>>>>>>>>>> As some of you may have seen, I have done a bit of work on
>>>>>>>>>> bsd.sites.mk recently.
>>>>>>>>>> 
>>>>>>>>>> One question I ran into:  If a site offers both HTTPS and
>>>>>>>>>> HTTP, which of the two do we prefer?  (Or do we want to list
>>>>>>>>>> both?)
>>>>>>>>> 
>>>>>>>>> https first for people that run 'make makesum'.
>>>>>>>> 
>>>>>>>> It was made MITM-friendly some time ago.
>>>>>>>> 
>>>>>>>> https://svnweb.freebsd.org/changeset/ports/324051
>>>>>>> 
>>>>>>> Ugh, can portmgr approve the attached patch? <fetchenv.patch>
>>>>>> 
>>>>>> If distfiles from sites with invalid certificates won't fetch for
>>>>>> end-users, they won't fetch during makesum either.
>>>>> 
>>>>> - Given that web browsers have become much less forgiving about such
>>>>>  certificates this is probably much less of a problem nowadays.
>>>>> - Possibly, many of these errors are because users forgot to install
>>>>>  ca_root_nss.  We can hold port maintainers to a higher standard and
>>>>>  expect them to have this installed.
>>>>> - Such sites should perhaps be removed from MASTER_SITES.  If
>>>>>  that's not possible FETCH_ENV can be set in the port Makefile.
>>>> 
>>>> I don't disagree with any point. Do you want to submit a PR so that
>>>> an exp-run of sorts can see how many distfiles we're talking about?
>>> 
>>> Antoine reminded me that this only affects makesum, so I guess there's
>>> really no way of telling what ports this would affect. Either way,
>>> your reasoning is sound and you've convinced me. I'm good with this
>>> change; as you said, worst-case scenario, ports with broken
>>> MASTER_SITES can override FETCH_ENV or a toggle can be added.
>> 
>> Committed in r436081.
>
> Can you please add a quick blurb about this to CHANGES?

Added in r436086.
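
An added example for the last bullet quoted above (not code from this thread or from the ports tree): a shell audit that lists port Makefiles whose FETCH_ENV sets fetch(3)'s SSL_NO_VERIFY_PEER or SSL_NO_VERIFY_HOSTNAME. That per-port overrides take this form is an assumption; the function names and the three sample ports are constructed for illustration.

```shell
#!/bin/sh
# Added example: find port Makefiles whose FETCH_ENV turns off TLS checks.
# SSL_NO_VERIFY_PEER / SSL_NO_VERIFY_HOSTNAME are fetch(3) variables; that
# port overrides use them is an assumption, the thread does not spell it out.

audit_fetch_env() {
    # $1 = root of a ports tree; prints "file:line:variable" per finding.
    find "$1" -type f -name Makefile | sort | while IFS= read -r mk; do
        awk -v file="$mk" '
            # Join backslash-continued lines so a split assignment is seen
            # whole; "start" is the line where the assignment begins.
            { if (buf == "") start = NR
              line = buf $0
              if (line ~ /\\$/) { sub(/\\$/, " ", line); buf = line; next }
              buf = "" }
            line ~ /^[ \t]*#/ { next }    # skip commented-out assignments
            line ~ /^[ \t]*FETCH_ENV[ \t]*[+?:!]?=/ {
                n = split("SSL_NO_VERIFY_PEER SSL_NO_VERIFY_HOSTNAME", v, " ")
                for (i = 1; i <= n; i++)
                    if (line ~ (v[i] "=")) print file ":" start ":" v[i]
            }
        ' "$mk"
    done
}

make_sample_tree() {
    # Constructed sample input: three hypothetical ports in a temp directory.
    root=$(mktemp -d)
    mkdir -p "$root/www/alpha" "$root/net/beta" "$root/devel/gamma"
    # alpha: no override, certificate checks stay on.
    printf 'PORTNAME=\talpha\nMASTER_SITES=\thttps://example.org/\n' \
        > "$root/www/alpha/Makefile"
    # beta: single-line override.
    printf 'PORTNAME=\tbeta\nFETCH_ENV=\tSSL_NO_VERIFY_PEER=1\n' \
        > "$root/net/beta/Makefile"
    # gamma: override hidden on a continuation line.
    printf 'PORTNAME=\tgamma\nFETCH_ENV+=\tHTTP_TIMEOUT=30 \\\n\t\tSSL_NO_VERIFY_HOSTNAME=1\n' \
        > "$root/devel/gamma/Makefile"
    echo "$root"
}

# Run against a tree given on the command line, e.g. sh audit.sh /usr/ports
if [ -n "${1:-}" ]; then
    audit_fetch_env "$1"
fi
```

Each hit is a port whose distfiles are fetched without certificate or hostname checks, and a candidate for the MASTER_SITES cleanup suggested in the same bullet.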

