Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive
> Date: Wed, 10 May 2017 16:31:38 +0100 > From: lf...@cruziero.com (akhiezer) > > > From: Paul Menzel> > Date: Wed, 10 May 2017 17:06:05 +0200 > > > > Dear BLFS folks, > > > > > > It???d be awesome > > > (( > - really, 'awesome' again: I guess the threshold for being awed, > varies greatly. > )) > > > > if you used the more secure HTTPS URL for downloading > > the HarBuzz archive in the instructions [1]. > [...] > > > Just to be perhaps clear(er): from here at least: * thanks for the (objective) info on the adjusted, redirecting, upstream url. * (Imho, https-vs-http is (o/c) not 100% clear-cut: e.g. there are pros'n'cons of the overall current certificate-chain setup; e.g. ultimately, what parties are essentially the gatekeepers - who wants paid before you can play.) * (the 'awesome' was really a 'gentle' nudge re lang accuracy.) rgds, akh -- -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive
On 05/10/2017 05:28 PM, Paul Menzel wrote: Dear Tim, On 05/10/17 17:24, Tim Tassonis wrote: On May 10, 2017 17:06:29 Paul Menzelwrote: It’d be awesome if you used the more secure HTTPS URL for downloading the HarBuzz archive in the instructions [1]. Yes, because it is totally very important that open source source code downloads are processed with the highest privacy possible. Maybe the anduin patch downloads could be put in the darknet and only be made accessible by a tor browser, how about that? How about you read up on what HTTPS is for before writing such a cynical response wasting everyone’s time? Hint, it’s not only about encryption. I'm working in IT security since 1998, having helped to deploy the first swiss Certificate Authoority, so i guess, I know a lot more about it than you. About wasting people's time: You're quite good with that, too. […] Kind regards, Paul -- decentral.ch - IT Stuff Tim Tassonis Dennlerstasse 36 8047 Zürich st...@decentral.ch +41 79 229 36 17 -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive
> From: Paul Menzel> Date: Wed, 10 May 2017 17:06:05 +0200 > > Dear BLFS folks, > > > It???d be awesome (( - really, 'awesome' again: I guess the threshold for being awed, varies greatly. )) > if you used the more secure HTTPS URL for downloading > the HarBuzz archive in the instructions [1]. [...] > akh -- -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive
Dear Tim, On 05/10/17 17:24, Tim Tassonis wrote: On May 10, 2017 17:06:29 Paul Menzelwrote: It’d be awesome if you used the more secure HTTPS URL for downloading the HarBuzz archive in the instructions [1]. Yes, because it is totally very important that open source source code downloads are processed with the highest privacy possible. Maybe the anduin patch downloads could be put in the darknet and only be made accessible by a tor browser, how about that? How about you read up on what HTTPS is for before writing such a cynical response wasting everyone’s time? Hint, it’s not only about encryption. […] Kind regards, Paul -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive
On May 10, 2017 17:06:29 Paul Menzelwrote: Dear BLFS folks, It’d be awesome if you used the more secure HTTPS URL for downloading the HarBuzz archive in the instructions [1]. Yes, because it is totally very important that open source source code downloads are processed with the highest privacy possible. Maybe the anduin patch downloads could be put in the darknet and only be made accessible by a tor browser, how about that? ``` $ curl -I http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2 HTTP/1.1 302 Found Date: Wed, 10 May 2017 15:04:44 GMT Server: Apache/2.4.10 (Debian) Location: https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2 Content-Type: text/html; charset=iso-8859-1 $ curl -I https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2 HTTP/1.1 200 OK Date: Wed, 10 May 2017 15:04:49 GMT Server: Apache/2.4.10 (Debian) Last-Modified: Sun, 23 Apr 2017 23:22:36 GMT ETag: "16820e-54dddc4189d3b" Accept-Ranges: bytes Content-Length: 1475086 Content-Type: application/x-bzip2 ``` Maybe that could be done for all URLs with the domain *www.freedesktop.org*. Kind regards, Paul [1] http://www.linuxfromscratch.org/blfs/view/svn/general/harfbuzz.html -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
[blfs-dev] Use HTTPS URL for HarfBuzz archive
Dear BLFS folks, It’d be awesome if you used the more secure HTTPS URL for downloading the HarBuzz archive in the instructions [1]. ``` $ curl -I http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2 HTTP/1.1 302 Found Date: Wed, 10 May 2017 15:04:44 GMT Server: Apache/2.4.10 (Debian) Location: https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2 Content-Type: text/html; charset=iso-8859-1 $ curl -I https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2 HTTP/1.1 200 OK Date: Wed, 10 May 2017 15:04:49 GMT Server: Apache/2.4.10 (Debian) Last-Modified: Sun, 23 Apr 2017 23:22:36 GMT ETag: "16820e-54dddc4189d3b" Accept-Ranges: bytes Content-Length: 1475086 Content-Type: application/x-bzip2 ``` Maybe that could be done for all URLs with the domain *www.freedesktop.org*. Kind regards, Paul [1] http://www.linuxfromscratch.org/blfs/view/svn/general/harfbuzz.html -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page