Date: Sat, 11 Mar 2017 10:32:20 -0800 From: Eitan Adler <lists@eitanadler.com> To: Tijl Coosemans <tijl@freebsd.org>, "ports-secteam@freebsd.org" <ports-secteam@freebsd.org> Cc: Ports Management Team <portmgr@freebsd.org>, FreeBSD Ports <ports@freebsd.org>, Gerald Pfeifer <gerald@pfeifer.com>, Jan Beich <jbeich@freebsd.org> Subject: Re: bsd.sites.mk: Do we prefer http or https (or both) Message-ID: <CAF6rxgneWn%2BCoxoqvvJT1hVQLXD9HMZWMusoNUuAayiGeSCFqw@mail.gmail.com> In-Reply-To: <20170311181339.58bcf2a8@kalimero.tijl.coosemans.org> References: <20170311113355.0f3f8b77@kalimero.tijl.coosemans.org> <20170311121851.715B55859@freefall.freebsd.org> <20170311181339.58bcf2a8@kalimero.tijl.coosemans.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11 March 2017 at 09:13, Tijl Coosemans <tijl@freebsd.org> wrote: > On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich@freebsd.org (Jan Beich) wrote: >> Tijl Coosemans <tijl@FreeBSD.org> writes: >>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer <gerald@pfeifer.com> wrote: >>>> As some of you may have seen, I have done a bit of work on >>>> bsd.sites.mk recently. >>>> >>>> One question I ran into: If a site offers both HTTPS and HTTP, >>>> which of the two do we prefer? (Or do we want to list both?) >>> >>> https first for people that run 'make makesum'. >> >> It was made MITM-friendly sometime ago. >> >> https://svnweb.freebsd.org/changeset/ports/324051 > > Ugh, can portmgr approve the attached patch? I can't approve on behalf of portmgr but I'd like to echo this request on behalf of ports-secteam. Maintainers rarely verify the hashes that makesum generates. I wish we can go further and filter out non-HTTPS sites during makesum. -- Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgneWn%2BCoxoqvvJT1hVQLXD9HMZWMusoNUuAayiGeSCFqw>