I can see that this is hosted on a University website, but is there a
policy for using non-official mirrors?
This seems like it opens up a lot of potential security problems IMO.
Not only could the third-party mirror be easy to compromise, but how
would be assure we don't use a malicious mirror? Or that a malicious
contributer doesn't add a deliberatively tainted mirror?
In short, is there some sort of policy on when and how we use
third-party mirrors? Is security considerations part of the policy?
Kind Regards,
Emil Petersen
On 05/09/13 13:54, Javier Viguera wrote:
The package is no longer available in the official cherokee site,
so download it from a mirror.
Signed-off-by: Javier Viguera<[email protected]>
---
Notes:
To be cherry-picked to Dylan as well.
meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
index 265e24e..4b2d68d 100644
--- a/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
+++ b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
@@ -9,7 +9,7 @@ PR = "r9"
DEPENDS = "libpcre openssl mysql5 ${@base_contains('DISTRO_FEATURES', 'pam',
'libpam', '', d)}"
-SRC_URI =
"http://www.cherokee-project.com/download/1.2/${PV}/cherokee-${PV}.tar.gz \
+SRC_URI = "ftp://ftp.osuosl.org/.1/cherokee/1.2/${PV}/cherokee-${PV}.tar.gz \
file://cherokee.init \
file://cherokee.service \
"
_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
