[arch-dev-public] todo list for moving http -> https sources

Sébastien Luttringer seblu at seblu.net
Mon Oct 31 02:23:48 UTC 2016

On Sun, 2016-10-30 at 20:55 -0400, Dave Reisner wrote:
> Hi all,
> There's been a sizeable number of bugs filed over the past month or so
> about changin PKGBUILDs to acquire sources from https rather than http.
> Rather than continue to flood the bug tracker, would anyone mind if I
> wrote a script to find instances of this and start a TODO list?  This
> would, of course, be low priority. Even if no one does anything, we at
> least have a statement of work and can avoid having these "bugs"
> littered around flyspray.
> Unless there's strong opposition to this (and I'd be very interested to
> know why), I'll polish up my automation and create the list.
> d


The few BR that reached me also requested the addition of a .sig.
As I use a transparent http cache at home (2Mb/s bandwidth), so far I only
added the signature, and not the https as it breaks the cache.

Except the confidentiality of the request, what's the point to force https?


Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 793 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20161031/857d868a/attachment.asc>

More information about the arch-dev-public mailing list