date:20170510

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

2017-05-10 Thread akhiezer

> Date: Wed, 10 May 2017 16:31:38 +0100
> From: lf...@cruziero.com (akhiezer)
>
> > From: Paul Menzel 
> > Date: Wed, 10 May 2017 17:06:05 +0200
> >
> > Dear BLFS folks,
> >
> >
> > It???d be awesome
>
>
> ((
>  - really, 'awesome' again: I guess the threshold for being awed,
> varies greatly.
> ))
>
>
> > if you used the more secure HTTPS URL for downloading 
> > the HarBuzz archive in the instructions [1].
> [...]
> >
>


Just to be perhaps clear(er): from here at least:

* thanks for the (objective) info on the adjusted, redirecting,
  upstream url.

* (Imho, https-vs-http is (o/c) not 100% clear-cut: e.g. there
  are pros'n'cons of the overall current certificate-chain setup;
  e.g. ultimately, what parties are essentially the gatekeepers -
  who wants paid before you can play.)

* (the 'awesome' was really a 'gentle' nudge re lang accuracy.)




rgds,

akh





--
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

2017-05-10 Thread Tim Tassonis


On 05/10/2017 05:28 PM, Paul Menzel wrote:

Dear Tim,


On 05/10/17 17:24, Tim Tassonis wrote:


On May 10, 2017 17:06:29 Paul Menzel  wrote:



It’d be awesome if you used the more secure HTTPS URL for downloading
the HarBuzz archive in the instructions [1].


Yes, because it is totally very important that open source source code 
downloads are processed with the highest privacy possible.


Maybe the anduin patch downloads could be put in the darknet and only 
be made accessible by a tor browser, how about that?


How about you read up on what HTTPS is for before writing such a cynical 
  response wasting everyone’s time? Hint, it’s not only about encryption.



I'm working in IT security since 1998, having helped to deploy the first 
swiss Certificate Authoority, so i guess, I know a lot more about it 
than you. About wasting people's time: You're quite good with that, too.





[…]


Kind regards,

Paul



--
decentral.ch - IT Stuff
Tim Tassonis
Dennlerstasse 36
8047 Zürich

st...@decentral.ch
+41 79 229 36 17
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

2017-05-10 Thread akhiezer

> From: Paul Menzel 
> Date: Wed, 10 May 2017 17:06:05 +0200
>
> Dear BLFS folks,
>
>
> It???d be awesome


((
 - really, 'awesome' again: I guess the threshold for being awed,
varies greatly.
))


> if you used the more secure HTTPS URL for downloading 
> the HarBuzz archive in the instructions [1].
[...]
>



akh





--
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

2017-05-10 Thread Paul Menzel


Dear Tim,


On 05/10/17 17:24, Tim Tassonis wrote:


On May 10, 2017 17:06:29 Paul Menzel  wrote:



It’d be awesome if you used the more secure HTTPS URL for downloading
the HarBuzz archive in the instructions [1].


Yes, because it is totally very important that open source source code 
downloads are processed with the highest privacy possible.


Maybe the anduin patch downloads could be put in the darknet and only be 
made accessible by a tor browser, how about that?


How about you read up on what HTTPS is for before writing such a cynical 
 response wasting everyone’s time? Hint, it’s not only about encryption.


[…]


Kind regards,

Paul
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

2017-05-10 Thread Tim Tassonis




On May 10, 2017 17:06:29 Paul Menzel  wrote:


Dear BLFS folks,


It’d be awesome if you used the more secure HTTPS URL for downloading
the HarBuzz archive in the instructions [1].


Yes, because it is totally very important that open source source code 
downloads are processed with the highest privacy possible.


Maybe the anduin patch downloads could be put in the darknet and only be 
made accessible by a tor browser, how about that?




```
$ curl -I
http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2
HTTP/1.1 302 Found
Date: Wed, 10 May 2017 15:04:44 GMT
Server: Apache/2.4.10 (Debian)
Location:
https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2
Content-Type: text/html; charset=iso-8859-1

$ curl -I
https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2
HTTP/1.1 200 OK
Date: Wed, 10 May 2017 15:04:49 GMT
Server: Apache/2.4.10 (Debian)
Last-Modified: Sun, 23 Apr 2017 23:22:36 GMT
ETag: "16820e-54dddc4189d3b"
Accept-Ranges: bytes
Content-Length: 1475086
Content-Type: application/x-bzip2
```

Maybe that could be done for all URLs with the domain *www.freedesktop.org*.


Kind regards,

Paul


[1] http://www.linuxfromscratch.org/blfs/view/svn/general/harfbuzz.html
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page



--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

[blfs-dev] Use HTTPS URL for HarfBuzz archive

2017-05-10 Thread Paul Menzel


Dear BLFS folks,


It’d be awesome if you used the more secure HTTPS URL for downloading 
the HarBuzz archive in the instructions [1].


```
$ curl -I 
http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2

HTTP/1.1 302 Found
Date: Wed, 10 May 2017 15:04:44 GMT
Server: Apache/2.4.10 (Debian)
Location: 
https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2

Content-Type: text/html; charset=iso-8859-1

$ curl -I 
https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.6.tar.bz2

HTTP/1.1 200 OK
Date: Wed, 10 May 2017 15:04:49 GMT
Server: Apache/2.4.10 (Debian)
Last-Modified: Sun, 23 Apr 2017 23:22:36 GMT
ETag: "16820e-54dddc4189d3b"
Accept-Ranges: bytes
Content-Length: 1475086
Content-Type: application/x-bzip2
```

Maybe that could be done for all URLs with the domain *www.freedesktop.org*.


Kind regards,

Paul


[1] http://www.linuxfromscratch.org/blfs/view/svn/general/harfbuzz.html
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

Re: [blfs-dev] Use HTTPS URL for HarfBuzz archive

[blfs-dev] Use HTTPS URL for HarfBuzz archive

6 matches

Site Navigation

Mail list logo

Footer information