On Mon, Aug 6, 2012 at 10:12 AM, Hannes Magnusson < [email protected]> wrote:
> On Sun, Aug 5, 2012 at 11:11 PM, Ferenc Kovacs <[email protected]> wrote: > > > > > > On Sun, Aug 5, 2012 at 11:24 PM, Hannes Magnusson > > <[email protected]> wrote: > >> > >> On Sun, Aug 5, 2012 at 8:52 PM, Ferenc Kovacs <[email protected]> wrote: > >> > Commit: 1511842d066ec52fe4df34dde839f79a5653288d > >> > Author: Ferenc Kovacs <[email protected]> Sun, 5 Aug 2012 > >> > 21:52:37 +0200 > >> > Parents: 855e5f7a7f479687dd265ad9f5140761c2a3f401 > >> > Branches: master > >> > > >> > Link: > >> > > http://git.php.net/?p=web/php.git;a=commitdiff;h=1511842d066ec52fe4df34dde839f79a5653288d > >> > > >> > Log: > >> > now that posttohost() supports ssl, we should use https here > >> > > >> > >> Have you verified all mirrors have ext/openssl enabled? > >> It needs to be an requirement if you need to change this. > > > > > > I assumed that it is available, as Rasmus switched to https once in the > past > > and only switched back to http as posttohost wasn't supporting https > > (http://svn.php.net/viewvc?view=revision&revision=322565) which I fixed > > recently. > > Now that you mention it, we don't have that as a requirement on > > http://www.php.net/mirroring.php so I guess there are mirrors without > having > > ssl support. > > Is there any convinient way to verify this? > > > Modify mirror-info.php[1], update the mirror-test[2] script.. and > modify the MySQL table, and the mirror status listing scripts. > > -Hannes > > [1] > http://git.php.net/?p=web/php.git;a=history;f=mirror-info.php;h=01fbec406ff5df61dc9edfaa2aa243cd496e15fa;hb=HEAD > [2] > http://git.php.net/?p=web/master.git;a=blob;f=scripts/mirror-test;h=465b9ef56303f2d119ff19ba2f5c879131a69c6b;hb=HEAD > the majority of the mirrors have openssl(87/100), but not all, here is the list of mirrors without openssl: at2.php.net cn2.php.net dk.php.net de2.php.net in2.php.net ie.php.net jp.php.net pa.php.net pt2.php.net md.php.net ro2.php.net si2.php.net tw.php.net Currently posttohost is used for the following scenarios: - posting user note submissions to master ( http://master.php.net/entry/user-note.php) - posting mailing list subscriptions to master ( http://master.php.net/entry/subscribe.php) - posting event submissions to master ( http://master.php.net/entry/event.php) - posting the account request submissions to master ( http://master.php.net/entry/svn-account.php) Sending the last one over http really worries me, so at least we should force that to happen over https (either adding ssl to all mirrors, or restricting/redirecting the account request to the mirrors with openssl). What do you think?
