From: Adam Weinberger
Date: Mon, 13 Mar 2017 09:32:13 -0600
Subject: Re: bsd.sites.mk: Do we prefer http or https (or both)
To: Tijl Coosemans
Cc: freebsd-ports, gerald@pfeifer.com, Jan Beich, FreeBSD Ports Management Team

> On 13 Mar, 2017, at 7:32, Tijl Coosemans wrote:
>
> On Sat, 11 Mar 2017 14:25:13 -0700 Adam Weinberger
> wrote:
>>> On 11 Mar, 2017, at 12:53, Adam Weinberger wrote:
>>>> On 11 Mar, 2017, at 12:29, Tijl Coosemans wrote:
>>>> On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger
>>>> wrote:
>>>>> On 11 Mar, 2017, at 10:13, Tijl Coosemans
>>>>> wrote:
>>>>>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich@freebsd.org (Jan
>>>>>> Beich) wrote:
>>>>>>> Tijl Coosemans writes:
>>>>>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer
>>>>>>>> wrote:
>>>>>>>>> As some of you may have seen, I have done a bit of work on
>>>>>>>>> bsd.sites.mk recently.
>>>>>>>>>
>>>>>>>>> One question I ran into: If a site offers both HTTPS and
>>>>>>>>> HTTP, which of the two do we prefer? (Or do we want to list
>>>>>>>>> both?)
>>>>>>>>
>>>>>>>> https first for people that run 'make makesum'.
>>>>>>>
>>>>>>> It was made MITM-friendly some time ago.
>>>>>>>
>>>>>>> https://svnweb.freebsd.org/changeset/ports/324051
>>>>>>
>>>>>> Ugh, can portmgr approve the attached patch?
>>>>>
>>>>> If distfiles from sites with invalid certificates won't fetch for
>>>>> end-users, they won't fetch during makesum either.
>>>>
>>>> - Given that web browsers have become much less forgiving about such
>>>> certificates this is probably much less of a problem nowadays.
>>>> - Possibly, many of these errors are because users forgot to install
>>>> ca_root_nss. We can hold port maintainers to a higher standard and
>>>> expect them to have this installed.
>>>> - Such sites should perhaps be removed from MASTER_SITES. If
>>>> that's not possible FETCH_ENV can be set in the port Makefile.
>>>
>>> I don't disagree with any point. Do you want to submit a PR so that
>>> an exp-run of sorts can see how many distfiles we're talking about?
>>
>> Antoine reminded me that this only affects makesum, so I guess there's
>> really no way of telling what ports this would affect. Either way,
>> your reasoning is sound and you've convinced me. I'm good with this
>> change; as you said, worst-case scenario, ports with broken
>> MASTER_SITES can override FETCH_ENV or a toggle can be added.
>
> Committed in r436081.

Can you please add a quick blurb about this to CHANGES?

# Adam

--
Adam Weinberger
adamw@adamw.org
https://www.adamw.org