From owner-svn-ports-head@freebsd.org  Sat Mar 10 09:58:09 2018
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9215BF2FEB5;
 Sat, 10 Mar 2018 09:58:09 +0000 (UTC)
 (envelope-from jbeich@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 39E906CEF8;
 Sat, 10 Mar 2018 09:58:09 +0000 (UTC)
 (envelope-from jbeich@freebsd.org)
Received: by freefall.freebsd.org (Postfix, from userid 1354)
 id 2DF531E289; Sat, 10 Mar 2018 09:58:09 +0000 (UTC)
From: Jan Beich <jbeich@FreeBSD.org>
To: Alexey Dokuchaev <danfe@FreeBSD.org>
Cc: Bryan Drewery <bdrewery@FreeBSD.org>,
 svn-ports-head@freebsd.org, svn-ports-all@freebsd.org,
 ports-committers@freebsd.org, Eitan Adler <eadler@FreeBSD.org>,
 "Danilo G. Baio" <dbaio@FreeBSD.org>
Subject: Re: svn commit: r464037 - head/irc/znc
References: <201803100016.w2A0GnR8013646@repo.freebsd.org>
 <fd8d2bb5-6235-f193-b8c5-e3cb37ea973d@FreeBSD.org>
 <20180310080202.GA18340@FreeBSD.org>
Date: Sat, 10 Mar 2018 10:58:04 +0100
In-Reply-To: <20180310080202.GA18340@FreeBSD.org> (Alexey Dokuchaev's message
 of "Sat, 10 Mar 2018 08:02:02 +0000")
Message-ID: <r2os-ntg3-wny@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Mar 2018 09:58:09 -0000

Alexey Dokuchaev <danfe@FreeBSD.org> writes:

> On Fri, Mar 09, 2018 at 05:58:31PM -0800, Bryan Drewery wrote:
>
>> This is a note in general, not specifically at you. But https for
>> distfiles only achieves 2 things: 1. Privacy against someone snooping
>> that you are downloading ZNC (is it really that important?) but still
>> can see your DNS and connections to the ZNC site... and 2. It breaks
>> proxy caching.  So I don't think MASTER_SITES should be converted to
>> https in general.  There's this odd push for it lately but I don't see
>> the benefit.
>
> Big +1 (HTTPS for distfiles is somewhat of a PITA for me as well).  Can
> we please go back to plain good HTTP?  SHA256 provides enough assurance
> against intermittent tampering with the distfiles.

"make makesum" has no MITM protection with HTTP. Maintainers may work
on updates outside of jail due to convenience and exposure to crazy
make.conf optimizations. Only after an update is ready it's tested in
a poudriere jail.