From owner-freebsd-ports@freebsd.org  Mon Mar 13 13:06:20 2017
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EA432D07DFF
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Mon, 13 Mar 2017 13:06:20 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id C755916CA
 for <freebsd-ports@freebsd.org>; Mon, 13 Mar 2017 13:06:20 +0000 (UTC)
 (envelope-from mat@FreeBSD.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id C31CAD07DFA; Mon, 13 Mar 2017 13:06:20 +0000 (UTC)
Delivered-To: ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C29BCD07DF7;
 Mon, 13 Mar 2017 13:06:20 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (mx3.absolight.net
 [IPv6:2a01:678:2:100::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 603C616C9;
 Mon, 13 Mar 2017 13:06:20 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (localhost [127.0.0.1])
 by prod2.absolight.net (Postfix) with ESMTP id 1E420BDC91;
 Mon, 13 Mar 2017 14:06:17 +0100 (CET)
Received: from ogg.in.absolight.net (ogg.in.absolight.net [79.143.241.239])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by prod2.absolight.net (Postfix) with ESMTPSA id 4E30DBDC89;
 Mon, 13 Mar 2017 14:06:15 +0100 (CET)
Subject: Re: bsd.sites.mk: Do we prefer http or https (or both)
To: Eitan Adler <lists@eitanadler.com>, Tijl Coosemans <tijl@freebsd.org>,
 "ports-secteam@freebsd.org" <ports-secteam@freebsd.org>
References: <20170311113355.0f3f8b77@kalimero.tijl.coosemans.org>
 <20170311121851.715B55859@freefall.freebsd.org>
 <20170311181339.58bcf2a8@kalimero.tijl.coosemans.org>
 <CAF6rxgneWn+CoxoqvvJT1hVQLXD9HMZWMusoNUuAayiGeSCFqw@mail.gmail.com>
Cc: FreeBSD Ports <ports@freebsd.org>, Gerald Pfeifer <gerald@pfeifer.com>,
 Jan Beich <jbeich@freebsd.org>, Ports Management Team <portmgr@freebsd.org>
From: Mathieu Arnold <mat@FreeBSD.org>
Organization: Absolight / The FreeBSD Foundation
Message-ID: <34e570e8-c776-46c2-282e-4a8eb86494ba@FreeBSD.org>
Date: Mon, 13 Mar 2017 14:06:05 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
 Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CAF6rxgneWn+CoxoqvvJT1hVQLXD9HMZWMusoNUuAayiGeSCFqw@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="UpVXLFNUVf7mCCC6mINcKQc0XeCUwi4KG"
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 13:06:21 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--UpVXLFNUVf7mCCC6mINcKQc0XeCUwi4KG
Content-Type: multipart/mixed; boundary="NnSafco4jJQr1xNx2TF8MgDxX2q96h2x3";
 protected-headers="v1"
From: Mathieu Arnold <mat@FreeBSD.org>
To: Eitan Adler <lists@eitanadler.com>, Tijl Coosemans <tijl@freebsd.org>,
 "ports-secteam@freebsd.org" <ports-secteam@freebsd.org>
Cc: FreeBSD Ports <ports@freebsd.org>, Gerald Pfeifer <gerald@pfeifer.com>,
 Jan Beich <jbeich@freebsd.org>, Ports Management Team <portmgr@freebsd.org>
Message-ID: <34e570e8-c776-46c2-282e-4a8eb86494ba@FreeBSD.org>
Subject: Re: bsd.sites.mk: Do we prefer http or https (or both)
References: <20170311113355.0f3f8b77@kalimero.tijl.coosemans.org>
 <20170311121851.715B55859@freefall.freebsd.org>
 <20170311181339.58bcf2a8@kalimero.tijl.coosemans.org>
 <CAF6rxgneWn+CoxoqvvJT1hVQLXD9HMZWMusoNUuAayiGeSCFqw@mail.gmail.com>
In-Reply-To: <CAF6rxgneWn+CoxoqvvJT1hVQLXD9HMZWMusoNUuAayiGeSCFqw@mail.gmail.com>

--NnSafco4jJQr1xNx2TF8MgDxX2q96h2x3
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Le 11/03/2017 =C3=A0 19:32, Eitan Adler a =C3=A9crit :
> On 11 March 2017 at 09:13, Tijl Coosemans <tijl@freebsd.org> wrote:
>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich@freebsd.org (Jan Beich=
) wrote:
>>> Tijl Coosemans <tijl@FreeBSD.org> writes:
>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer <gerald@pfei=
fer.com> wrote:
>>>>> As some of you may have seen, I have done a bit of work on
>>>>> bsd.sites.mk recently.
>>>>>
>>>>> One question I ran into:  If a site offers both HTTPS and HTTP,
>>>>> which of the two do we prefer?  (Or do we want to list both?)
>>>> https first for people that run 'make makesum'.
>>> It was made MITM-friendly sometime ago.
>>>
>>> https://svnweb.freebsd.org/changeset/ports/324051
>> Ugh, can portmgr approve the attached patch?
> I can't approve on behalf of portmgr but I'd like to echo this
> request on behalf of ports-secteam. Maintainers rarely verify the
> hashes that makesum generates.
>
> I wish we can go further and filter out non-HTTPS sites during makesum.=


This should be pretty easy to do with the existing MASTER_SORT feature.

--=20
Mathieu Arnold



--NnSafco4jJQr1xNx2TF8MgDxX2q96h2x3--

--UpVXLFNUVf7mCCC6mINcKQc0XeCUwi4KG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJYxplEXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85I30cQAKJaGKGhwJORRkC1h9gvvW4i
tul9s+ylXu9WH04Agdrzc4UAx0IXnn1UDbsJ+nOEeV8gZ71ImU+TeNkMGfq61CEh
NkvnYiaQD7NzrCnJdF5XB3YHkK5v5eNRa7lvp5lf6yz037AJbGOBlHaNzxdEqSkJ
5rMGhkaBx10/WBMrQuV0PaevDCjHW4tvYR4Z6+PpyNioQibJJRTST2KaxMWzO7fN
TaZSUM4Ys9lW57WI0dwE1t/P/hO1uiZSxe4c1+E/6LJNLO6CX6Mbk/fmxYQhkbWZ
SP8pH4tEICy9VTg/4EtGXr4haKq3oSZRzrBM8hfHEZnxJvAkbVprtbiRKrOTaMsf
5Y9mEQQEl+njel0icy56PXxTJSSAAaTG3Yrrd6pwIt7RYlMM4/jJikfrEZOq1VOM
kTGj2MrfMxZbyJyn1/id6eKQslCz9CQCYzTbk3jAVxGVv7JLJ+K0tGFFBt2jSiYW
Vxod6K0eBGu7QmkoKujnm7fUBAJb8U4cqpbCDoN9NnHodfZl8XguRvm3A3RkFe6D
EWVe8UiV3hrw6S5QF1YAn8FF0SLAd9K8X3WwYsDjGay8EQ4KaAz8AZgwTrkWPsQm
EDLTdo2AIA42ZqzsdHzTgTCUIgChnfmv9gpd21a6DrUVQLp6XjYJYUIzcrLDvTjK
5M2uWA/O9gPzbKDgj/1d
=Yu86
-----END PGP SIGNATURE-----

--UpVXLFNUVf7mCCC6mINcKQc0XeCUwi4KG--