From: Adam Weinberger
Date: Sat, 11 Mar 2017 14:25:13 -0700
To: Tijl Coosemans
Cc: freebsd-ports, gerald@pfeifer.com, Jan Beich, FreeBSD Ports Management Team
Subject: Re: bsd.sites.mk: Do we prefer http or https (or both)
Message-Id: <6E5B500B-DBF5-4D57-A624-BAF5F5709980@adamw.org>

> On 11 Mar, 2017, at 12:53, Adam Weinberger wrote:
>
>> On 11 Mar, 2017, at 12:29, Tijl Coosemans wrote:
>>
>> On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger wrote:
>>> On 11 Mar, 2017, at 10:13, Tijl Coosemans wrote:
>>>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich@freebsd.org (Jan
>>>> Beich) wrote:
>>>>> Tijl Coosemans writes:
>>>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer wrote:
>>>>>>> As some of you may have seen, I have done a bit of work on
>>>>>>> bsd.sites.mk recently.
>>>>>>>
>>>>>>> One question I ran into: If a site offers both HTTPS and HTTP,
>>>>>>> which of the two do we prefer? (Or do we want to list both?)
>>>>>>
>>>>>> https first for people that run 'make makesum'.
>>>>>
>>>>> It was made MITM-friendly sometime ago.
>>>>>
>>>>> https://svnweb.freebsd.org/changeset/ports/324051
>>>>
>>>> Ugh, can portmgr approve the attached patch?
>>>
>>> If distfiles from sites with invalid certificates won't fetch for
>>> end-users, they won't fetch during makesum either.
>>
>> - Given that web browsers have become much less forgiving about such
>>   certificates this is probably much less of a problem nowadays.
>> - Possibly, many of these errors are because users forgot to install
>>   ca_root_nss. We can hold port maintainers to a higher standard and
>>   expect them to have this installed.
>> - Such sites should perhaps be removed from MASTER_SITES. If that's not
>>   possible FETCH_ENV can be set in the port Makefile.
>
> I don't disagree with any point. Do you want to submit a PR so that an
> exp-run of sorts can see how many distfiles we're talking about?

Antoine reminded me that this only affects makesum, so I guess there's
really no way of telling what ports this would affect. Either way, your
reasoning is sound and you've convinced me. I'm good with this change;
as you said, worst-case scenario, ports with broken MASTER_SITES can
override FETCH_ENV or a toggle can be added.

# Adam

-- 
Adam Weinberger
adamw@adamw.org
https://www.adamw.org