Package: devscripts Version: 2.15.8 Severity: minor Tags: patch The current behavior of uscan is to redirect https://pypi.python.org to http://pypi.debian.net, which is not nice from security point of view.
Piotr Ożarowski added https support to pypi.debian.net redirector today, so we can now redirect to https version. One-line patch attached. -- Dmitry Shachnev
From 3e9eac0966b92350809d403faa12f9d364c69a04 Mon Sep 17 00:00:00 2001 From: Dmitry Shachnev <[email protected]> Date: Tue, 25 Aug 2015 14:48:42 +0300 Subject: [PATCH] uscan: Use https protocol for pypi.debian.net redirector, now that it is available. --- debian/changelog | 4 ++++ scripts/uscan.pl | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 3a51976..fffc072 100644 --- a/debian/changelog +++ b/debian/changelog @@ -34,6 +34,10 @@ devscripts (2.15.9) UNRELEASED; urgency=medium been merged into buildd.debian.org and downloading from both locations causes duplicate downloads. (Closes: #796506) + [ Dmitry Shachnev ] + * uscan: Use https protocol for pypi.debian.net redirector, now that it + is available. + -- Joachim Breitner <[email protected]> Tue, 11 Aug 2015 21:12:03 +0200 devscripts (2.15.8) unstable; urgency=high diff --git a/scripts/uscan.pl b/scripts/uscan.pl index bfb7211..02c6494 100755 --- a/scripts/uscan.pl +++ b/scripts/uscan.pl @@ -894,7 +894,7 @@ sub process_watchline ($$$$$$) $filepattern .= '(?:\?.*)?'; } # Handle pypi.python.org addresses specially - $base =~ s%^https?://pypi\.python\.org/packages/source/./%http://pypi.debian.net/%; + $base =~ s%^https?://pypi\.python\.org/packages/source/./%https://pypi.debian.net/%; if ($base =~ m%^(\w+://[^/]+)%) { $site = $1; -- 2.5.0
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
