Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

retitle 897082 lintian: Please clarify what to do with debian-watch-uses-insecure-uri for ftp:// URIs thanks Dear Andreas, > I agree my bug title was not very sensibly choosen. No problem at all. I just wanted to ensure I understood where you were coming from. > Feel free to close the bug if

Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

Niels Thykier writes: > Chris Lamb: >> Hi Andreas, >> >>> [...] >> ... which does seem to cover the ftp:// case. Perhaps you were >> thinking of something like: >> >> The watch file uses an unencrypted transport protocol for the >> URI such as http:// or ftp://. It is

Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

Hi Chris, On Sat, Apr 28, 2018 at 10:52:56AM +0100, Chris Lamb wrote: > > Indeed, but just to clarify my own confusion, given this bug is > titled "please do not warn about debian-watch-uses-insecure-uri for > ftp:// URIs" I am unsure how a relatively-minor wording change, > even if helpful,

Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

Niels, > Perhaps "... such as HTTPS or FTPS (FTP + TLS) for anonymous read-only > access." would help cover the FTP-case? Indeed, but just to clarify my own confusion, given this bug is titled "please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs" I am unsure how a

Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

Chris Lamb: > Hi Andreas, > >> [...] > ... which does seem to cover the ftp:// case. Perhaps you were > thinking of something like: > > The watch file uses an unencrypted transport protocol for the > URI such as http:// or ftp://. It is recommended to use a secure > transport such as HTTPS

Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

Hi Andreas, > May be the lintian warning should be more explicit and say: > > d/watch is pointing to an ftp download location. Downloading > from ftp sites is considered insecure when not using ftp over > TLS. Alas, without introducing a separate tag for ftp:// watch files, we cannot

Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

Hi Chris, On Sat, Apr 28, 2018 at 08:31:40AM +0100, Chris Lamb wrote: > > I: seaview source: debian-watch-uses-insecure-uri > > ftp://pbil.univ-lyon1.fr/pub/ […] > > > > Since there is no anonymous secure ftp this info is not very helpful > > IMHO. > > Lintian asking you to encourage upstream

Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

tags 897082 + moreinfo thanks Andreas, > I: seaview source: debian-watch-uses-insecure-uri > ftp://pbil.univ-lyon1.fr/pub/ […] > > Since there is no anonymous secure ftp this info is not very helpful > IMHO. Lintian asking you to encourage upstream to move to HTTPS. Or perhaps I'm missing

Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

On Sat, 28 Apr 2018 07:49:43 +0200 Andreas Tille wrote: > I: seaview source: debian-watch-uses-insecure-uri > ftp://pbil.univ-lyon1.fr/pub/mol_phylogeny/seaview/archive/seaview_(.*)\.tar\.gz lintian is correct here, ftp URLs are insecure. > Since there is no anonymous secure ftp this info is

Bug#897082: lintian: Please do not warn about debian-watch-uses-insecure-uri for ftp:// URIs

Package: lintian Severity: normal Hi, lintian is warning (rather "informing") about insecure URIs when ftp is used. For instance the package seaview gets: I: seaview source: debian-watch-uses-insecure-uri ftp://pbil.univ-lyon1.fr/pub/mol_phylogeny/seaview/archive/seaview_(.*)\.tar\.gz Since