On 11 March 2017 at 09:13, Tijl Coosemans <[email protected]> wrote: > On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) [email protected] (Jan Beich) wrote: >> Tijl Coosemans <[email protected]> writes: >>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer >>> <[email protected]> wrote: >>>> As some of you may have seen, I have done a bit of work on >>>> bsd.sites.mk recently. >>>> >>>> One question I ran into: If a site offers both HTTPS and HTTP, >>>> which of the two do we prefer? (Or do we want to list both?) >>> >>> https first for people that run 'make makesum'. >> >> It was made MITM-friendly sometime ago. >> >> https://svnweb.freebsd.org/changeset/ports/324051 > > Ugh, can portmgr approve the attached patch?
I can't approve on behalf of portmgr but I'd like to echo this request on behalf of ports-secteam. Maintainers rarely verify the hashes that makesum generates. I wish we can go further and filter out non-HTTPS sites during makesum. -- Eitan Adler _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[email protected]"
