[arch-dev-public] todo list for moving http -> https sources
seblu at seblu.net
Mon Oct 31 02:23:48 UTC 2016
On Sun, 2016-10-30 at 20:55 -0400, Dave Reisner wrote:
> Hi all,
> There's been a sizeable number of bugs filed over the past month or so
> about changin PKGBUILDs to acquire sources from https rather than http.
> Rather than continue to flood the bug tracker, would anyone mind if I
> wrote a script to find instances of this and start a TODO list? This
> would, of course, be low priority. Even if no one does anything, we at
> least have a statement of work and can avoid having these "bugs"
> littered around flyspray.
> Unless there's strong opposition to this (and I'd be very interested to
> know why), I'll polish up my automation and create the list.
The few BR that reached me also requested the addition of a .sig.
As I use a transparent http cache at home (2Mb/s bandwidth), so far I only
added the signature, and not the https as it breaks the cache.
Except the confidentiality of the request, what's the point to force https?
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 793 bytes
Desc: This is a digitally signed message part
More information about the arch-dev-public