Date: Sat, 11 Mar 2017 14:25:13 -0700
From: Adam Weinberger <adamw@adamw.org>
To: Tijl Coosemans <tijl@freebsd.org>
Cc: freebsd-ports <ports@FreeBSD.org>, gerald@pfeifer.com, Jan Beich <jbeich@freebsd.org>, FreeBSD Ports Management Team <portmgr@FreeBSD.org>
Subject: Re: bsd.sites.mk: Do we prefer http or https (or both)
Message-ID: <6E5B500B-DBF5-4D57-A624-BAF5F5709980@adamw.org>
In-Reply-To: <E40CCC7F-07C9-40AF-9CB3-7D0B730E2FD1@adamw.org>
References: <20170311113355.0f3f8b77@kalimero.tijl.coosemans.org> <20170311121851.715B55859@freefall.freebsd.org> <20170311181339.58bcf2a8@kalimero.tijl.coosemans.org> <727BA28F-ECA5-4094-B1D1-E8F122770D56@adamw.org> <20170311202911.4dccde2f@kalimero.tijl.coosemans.org> <E40CCC7F-07C9-40AF-9CB3-7D0B730E2FD1@adamw.org>

> On 11 Mar, 2017, at 12:53, Adam Weinberger <adamw@adamw.org> wrote:
>
>> On 11 Mar, 2017, at 12:29, Tijl Coosemans <tijl@freebsd.org> wrote:
>>
>> On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger <adamw@adamw.org>
>> wrote:
>>> On 11 Mar, 2017, at 10:13, Tijl Coosemans <tijl@FreeBSD.org> wrote:
>>>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich@freebsd.org (Jan
>>>> Beich) wrote:
>>>>> Tijl Coosemans <tijl@FreeBSD.org> writes:
>>>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer
>>>>>> <gerald@pfeifer.com> wrote:
>>>>>>> As some of you may have seen, I have done a bit of work on
>>>>>>> bsd.sites.mk recently.
>>>>>>>
>>>>>>> One question I ran into: If a site offers both HTTPS and HTTP,
>>>>>>> which of the two do we prefer? (Or do we want to list both?)
>>>>>>
>>>>>> https first for people that run 'make makesum'.
>>>>>
>>>>> It was made MITM-friendly sometime ago.
>>>>>
>>>>> https://svnweb.freebsd.org/changeset/ports/324051
>>>>
>>>> Ugh, can portmgr approve the attached
>>>> patch?<fetchenv.patch>
>>>
>>> If distfiles from sites with invalid certificates won't fetch for
>>> end-users, they won't fetch during makesum either.
>>
>> - Given that web browsers have become much less forgiving about such
>>   certificates this is probably much less of a problem nowadays.
>> - Possibly, many of these errors are because users forgot to install
>>   ca_root_nss. We can hold port maintainers to a higher standard and
>>   expect them to have this installed.
>> - Such sites should perhaps be removed from MASTER_SITES. If that's not
>>   possible FETCH_ENV can be set in the port Makefile.
>
> I don't disagree with any point. Do you want to submit a PR so that an
> exp-run of sorts can see how many distfiles we're talking about?

Antoine reminded me that this only affects makesum, so I guess there's
really no way of telling what ports this would affect.

Either way, your reasoning is sound and you've convinced me. I'm good
with this change; as you said, worst-case scenario, ports with broken
MASTER_SITES can override FETCH_ENV or a toggle can be added.

# Adam

-- 
Adam Weinberger
adamw@adamw.org
https://www.adamw.org