svn commit: r464037 - head/irc/znc
Jan Beich
jbeich at FreeBSD.org
Sat Mar 10 09:58:09 UTC 2018
Alexey Dokuchaev <danfe at FreeBSD.org> writes:
> On Fri, Mar 09, 2018 at 05:58:31PM -0800, Bryan Drewery wrote:
>
>> This is a note in general, not specifically at you. But https for
>> distfiles only achieves 2 things: 1. Privacy against someone snooping
>> that you are downloading ZNC (is it really that important?) but still
>> can see your DNS and connections to the ZNC site... and 2. It breaks
>> proxy caching. So I don't think MASTER_SITES should be converted to
>> https in general. There's this odd push for it lately but I don't see
>> the benefit.
>
> Big +1 (HTTPS for distfiles is somewhat of a PITA for me as well). Can
> we please go back to plain good HTTP? SHA256 provides enough assurance
> against intermittent tampering with the distfiles.
"make makesum" has no MITM protection with HTTP. Maintainers may work
on updates outside of jail due to convenience and exposure to crazy
make.conf optimizations. Only after an update is ready it's tested in
a poudriere jail.
More information about the svn-ports-head
mailing list