From owner-freebsd-ports@freebsd.org Mon Mar 13 13:33:53 2017 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 77EB7D088B3 for ; Mon, 13 Mar 2017 13:33:53 +0000 (UTC) (envelope-from tijl@freebsd.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 5B67C1818 for ; Mon, 13 Mar 2017 13:33:53 +0000 (UTC) (envelope-from tijl@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 57C2ED088B1; Mon, 13 Mar 2017 13:33:53 +0000 (UTC) Delivered-To: ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 55B72D088B0 for ; Mon, 13 Mar 2017 13:33:53 +0000 (UTC) (envelope-from tijl@freebsd.org) Received: from mailrelay115.isp.belgacom.be (mailrelay115.isp.belgacom.be [195.238.20.142]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (Client CN "relay.skynet.be", Issuer "GlobalSign Organization Validation CA - SHA256 - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 647681816; Mon, 13 Mar 2017 13:33:52 +0000 (UTC) (envelope-from tijl@freebsd.org) X-Belgacom-Dynamic: yes X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2B3BQB0nsZY/0nD8VFdGwEBAQMBAQEJA?= =?us-ascii?q?QEBg1FBEBCBCo1uc5BbKQGVEYIOKoV4AoJQQBgBAgEBAQEBAQFrKIUWAQU6HCM?= =?us-ascii?q?QCxgJJQ8qHgYTigQKsG+KVQEBAQEBAQEDAQEBAQEBIos9ijkFlWuGVoZ2izZ2i?= =?us-ascii?q?yiFFJNDHziBBDksCEGEVx2BZD81iVMBAQE?= X-IPAS-Result: =?us-ascii?q?A2B3BQB0nsZY/0nD8VFdGwEBAQMBAQEJAQEBg1FBEBCBCo1?= =?us-ascii?q?uc5BbKQGVEYIOKoV4AoJQQBgBAgEBAQEBAQFrKIUWAQU6HCMQCxgJJQ8qHgYTi?= =?us-ascii?q?gQKsG+KVQEBAQEBAQEDAQEBAQEBIos9ijkFlWuGVoZ2izZ2iyiFFJNDHziBBDk?= =?us-ascii?q?sCEGEVx2BZD81iVMBAQE?= Received: from 73.195-241-81.adsl-dyn.isp.belgacom.be (HELO kalimero.tijl.coosemans.org) ([81.241.195.73]) by relay.skynet.be with ESMTP; 13 Mar 2017 14:32:37 +0100 Received: from kalimero.tijl.coosemans.org (kalimero.tijl.coosemans.org [127.0.0.1]) by kalimero.tijl.coosemans.org (8.15.2/8.15.2) with ESMTP id v2DDWa7k016329; Mon, 13 Mar 2017 14:32:36 +0100 (CET) (envelope-from tijl@FreeBSD.org) Date: Mon, 13 Mar 2017 14:32:36 +0100 From: Tijl Coosemans To: Adam Weinberger Cc: freebsd-ports , gerald@pfeifer.com, Jan Beich , FreeBSD Ports Management Team Subject: Re: bsd.sites.mk: Do we prefer http or https (or both) Message-ID: <20170313143236.6d5a3540@kalimero.tijl.coosemans.org> In-Reply-To: <6E5B500B-DBF5-4D57-A624-BAF5F5709980@adamw.org> References: <20170311113355.0f3f8b77@kalimero.tijl.coosemans.org> <20170311121851.715B55859@freefall.freebsd.org> <20170311181339.58bcf2a8@kalimero.tijl.coosemans.org> <727BA28F-ECA5-4094-B1D1-E8F122770D56@adamw.org> <20170311202911.4dccde2f@kalimero.tijl.coosemans.org> <6E5B500B-DBF5-4D57-A624-BAF5F5709980@adamw.org> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2017 13:33:53 -0000 On Sat, 11 Mar 2017 14:25:13 -0700 Adam Weinberger wrote: >> On 11 Mar, 2017, at 12:53, Adam Weinberger wrote: >>> On 11 Mar, 2017, at 12:29, Tijl Coosemans wrote: >>> On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger >>> wrote: >>>> On 11 Mar, 2017, at 10:13, Tijl Coosemans >>>> wrote: >>>>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich@freebsd.org (Jan >>>>> Beich) wrote: >>>>>> Tijl Coosemans writes: >>>>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer >>>>>>> wrote: >>>>>>>> As some of you may have seen, I have done a bit of work on >>>>>>>> bsd.sites.mk recently. >>>>>>>> >>>>>>>> One question I ran into: If a site offers both HTTPS and >>>>>>>> HTTP, which of the two do we prefer? (Or do we want to list >>>>>>>> both?) >>>>>>> >>>>>>> https first for people that run 'make makesum'. >>>>>> >>>>>> It was made MITM-friendly sometime ago. >>>>>> >>>>>> https://svnweb.freebsd.org/changeset/ports/324051 >>>>> >>>>> Ugh, can portmgr approve the attached patch? >>>> >>>> If distfiles from sites with invalid certificates won't fetch for >>>> end-users, they won't fetch during makesum either. >>> >>> - Given that web browsers have become much less forgiving about such >>> certificates this is probably much less of a problem nowadays. >>> - Possibly, many of these errors are because users forgot to install >>> ca_root_nss. We can hold port maintainers to a higher standard and >>> expect them to have this installed. >>> - Such sites should perhaps be removed from MASTER_SITES. If >>> that's not possible FETCH_ENV can be set in the port Makefile. >> >> I don't disagree with any point. Do you want to submit a PR so that >> an exp-run of sorts can see how many distfiles we're talking about? > > Antoine reminded me that this only affects makesum, so I guess there's > really no way of telling what ports this would affect. Either way, > your reasoning is sound and you've convinced me. I'm good with this > change; as you said, worst-case scenario, ports with broken > MASTER_SITES can override FETCH_ENV or a toggle can be added. Committed in r436081.