Date: Sat, 11 Mar 2017 12:53:01 -0700 From: Adam Weinberger <adamw@adamw.org> To: Tijl Coosemans <tijl@freebsd.org> Cc: freebsd-ports <ports@FreeBSD.org>, gerald@pfeifer.com, Jan Beich <jbeich@freebsd.org>, FreeBSD Ports Management Team <portmgr@FreeBSD.org> Subject: Re: bsd.sites.mk: Do we prefer http or https (or both) Message-ID: <E40CCC7F-07C9-40AF-9CB3-7D0B730E2FD1@adamw.org> In-Reply-To: <20170311202911.4dccde2f@kalimero.tijl.coosemans.org> References: <20170311113355.0f3f8b77@kalimero.tijl.coosemans.org> <20170311121851.715B55859@freefall.freebsd.org> <20170311181339.58bcf2a8@kalimero.tijl.coosemans.org> <727BA28F-ECA5-4094-B1D1-E8F122770D56@adamw.org> <20170311202911.4dccde2f@kalimero.tijl.coosemans.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 11 Mar, 2017, at 12:29, Tijl Coosemans <tijl@freebsd.org> wrote: >=20 > On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger <adamw@adamw.org> > wrote: >> On 11 Mar, 2017, at 10:13, Tijl Coosemans <tijl@FreeBSD.org> wrote: >>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbeich@freebsd.org (Jan >>> Beich) wrote: =20 >>>> Tijl Coosemans <tijl@FreeBSD.org> writes: =20 >>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer >>>>> <gerald@pfeifer.com> wrote: =20 >>>>>> As some of you may have seen, I have done a bit of work on >>>>>> bsd.sites.mk recently. >>>>>>=20 >>>>>> One question I ran into: If a site offers both HTTPS and HTTP,=20= >>>>>> which of the two do we prefer? (Or do we want to list both?) =20= >>>>>=20 >>>>> https first for people that run 'make makesum'. =20 >>>>=20 >>>> It was made MITM-friendly sometime ago. >>>>=20 >>>> https://svnweb.freebsd.org/changeset/ports/324051 =20 >>>=20 >>> Ugh, can portmgr approve the attached >>> = patch?<fetchenv.patch>_______________________________________________ =20= >>=20 >> If distfiles from sites with invalid certificates won't fetch for >> end-users, they won't fetch during makesum either. >=20 > - Given that web browsers have become much less forgiving about such > certificates this is probably much less of a problem nowadays. > - Possibly, many of these errors are because users forgot to install > ca_root_nss. We can hold port maintainers to a higher standard and > expect them to have this installed. > - Such sites should perhaps be removed from MASTER_SITES. If that's = not > possible FETCH_ENV can be set in the port Makefile. I don't disagree with any point. Do you want to submit a PR so that an = exp-run of sorts can see how many distfiles we're talking about? # Adam --=20 Adam Weinberger adamw@adamw.org https://www.adamw.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E40CCC7F-07C9-40AF-9CB3-7D0B730E2FD1>