Package: xul-ext-https-everywhere
Severity: wishlist

I've been submitting changes to the rules for debian.org/debian.net as
DSA add more SSL-enabled domains[1]. I'm not sure if upstream will make
a release containing them in time for the jessie release so I thought I
would submit a diff against 3.5.3 so we can at least have recent Debian
rules. My most recent patch hasn't yet been accepted but I guess it will
since previous ones were accepted. The attached patch includes the patch
that hasn't yet been accepted upstream, hopefully that is OK.

     1. 
https://anonscm.debian.org/gitweb/?p=mirror/dsa-puppet.git;a=tree;f=modules/ssl/files/servicecerts

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
diff --git a/src/chrome/content/rules/Debian-self-signed.xml b/src/chrome/content/rules/Debian-self-signed.xml
new file mode 100644
index 0000000..2d6cb0e
--- /dev/null
+++ b/src/chrome/content/rules/Debian-self-signed.xml
@@ -0,0 +1,28 @@
+<!--
+	For rules that are on by default, see Debian.xml.
+
+
+	Fully covered domains:
+
+		- mentors.debian.net
+		- paste.debian.net
+
+-->
+<ruleset name="Debian (self-signed)" default_off="self-signed">
+
+	<target host="*.debian.net" />
+		<!--exclusion pattern="^http://screenshots\.debian\.net/"; /-->
+		<!--
+			Nonfunctional:
+					-->
+		<!--exclusion pattern="^http://(ca|incoming|popcon|search)\.debian\.org/" /-->
+		<!--
+			Handled in Debian.xml:
+						-->
+		<!--exclusion pattern="^http://((?:anonscm|(?:[^/:@]+\.)?alioth|arch|bits|bugs(?:-master)?|buildd|bzr|contributors|cvs|darcs|db|dsa|ftp-master|git|hg|lintian|lists|munin|nagios|nm|openstack\.bm|packages|people|piuparts|puppet-dashboard|(?:packages\.)?qa|release|rt|rtc|security-(?:tracker|master)|sip-ws|sso|svn|tracker|udd|vote|wiki|www)\.)?debian\.org/" /-->
+
+
+	<rule from="^http://(mentors|paste)\.debian\.net/"
+		to="https://$1.debian.net/"; />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Debian.xml b/src/chrome/content/rules/Debian.xml
index 154a8fd..bce5d60 100644
--- a/src/chrome/content/rules/Debian.xml
+++ b/src/chrome/content/rules/Debian.xml
@@ -9,24 +9,14 @@
 
 	Nonfunctional domains:
 
-		- screenshots.debian.net ¹
-
 		- debian.org subdomains:
 
-			- anonscm ²
 			- ca		(shows db; mismatched, CN: db.debian.org)
-			- cvs ²
 			- incoming	(shows ftp-master; mismatched, CN: ftp-master.debian.org)
-			- people	(reset; people.debian.org/~joerg/ is displayed
-					after fetching gpg.ganneff.de over http...)
 			- popcon ¹
-			- qa ¹
-			- packages.qa ¹
 			- search	(shows www; mismatched, CN: debian.org)
-			- svn ²
 
 	¹ Refused
-	² Shows alioth; mismatched, CN: alioth.debian.org
 
 
 	Problematic domains:
@@ -36,12 +26,9 @@
 
 		- debian.org subdomains:
 
-			- alioth ¹
-			- lists.alioth ²
 			- cdimage	(refused)
 
 	¹ Works, self-signed
-	² Works, self-signed, mismatched, CN: alioth.debian.org
 
 
 	Partially covered domains:
@@ -60,6 +47,7 @@
 		- nagios
 		- nm
 		- wiki
+                - ...
 
 
 	altnames that don't exist:
@@ -89,7 +77,7 @@
 	<securecookie host="^nm\.debian\.org$" name=".+" />
 
 
-	<rule from="^http://((?:bugs|buildd|contributors|db|dsa|ftp-master|lists|munin|nagios|nm|packages|piuparts|release|rt|security-tracker|sso|udd|vote|wiki|www)\.)?debian\.org/"
+	<rule from="^http://((?:anonscm|(?:[^/:@]+\.)?alioth|arch|bits|bugs(?:-master)?|buildd|bzr|contributors|cvs|darcs|db|dsa|ftp-master|git|hg|lintian|lists|munin|nagios|nm|openstack\.bm|packages|people|piuparts|puppet-dashboard|(?:packages\.)?qa|release|rt|rtc|security-(?:tracker|master)|sip-ws|sso|svn|tracker|udd|vote|wiki|www)\.)?debian\.org/"
 		to="https://$1debian.org/"; />
 
 	<rule from="^http://(france|screenshots)\.debian\.net/"

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Pkg-mozext-maintainers mailing list
Pkg-mozext-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers

Reply via email to