[arch-dev-public] todo list for moving http -> https sources
Sébastien Luttringer
seblu at seblu.net
Mon Oct 31 02:23:48 UTC 2016
On Sun, 2016-10-30 at 20:55 -0400, Dave Reisner wrote:
> Hi all,
>
> There's been a sizeable number of bugs filed over the past month or so
> about changin PKGBUILDs to acquire sources from https rather than http.
> Rather than continue to flood the bug tracker, would anyone mind if I
> wrote a script to find instances of this and start a TODO list? This
> would, of course, be low priority. Even if no one does anything, we at
> least have a statement of work and can avoid having these "bugs"
> littered around flyspray.
>
> Unless there's strong opposition to this (and I'd be very interested to
> know why), I'll polish up my automation and create the list.
>
> d
Hello,
The few BR that reached me also requested the addition of a .sig.
As I use a transparent http cache at home (2Mb/s bandwidth), so far I only
added the signature, and not the https as it breaks the cache.
Except the confidentiality of the request, what's the point to force https?
Cheers,
--
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 793 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20161031/857d868a/attachment.asc>
More information about the arch-dev-public
mailing list