Date: Sat, 10 Mar 2018 10:58:04 +0100 From: Jan Beich <jbeich@FreeBSD.org> To: Alexey Dokuchaev <danfe@FreeBSD.org> Cc: Bryan Drewery <bdrewery@FreeBSD.org>, svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org, Eitan Adler <eadler@FreeBSD.org>, "Danilo G. Baio" <dbaio@FreeBSD.org> Subject: Re: svn commit: r464037 - head/irc/znc Message-ID: <r2os-ntg3-wny@FreeBSD.org> In-Reply-To: <20180310080202.GA18340@FreeBSD.org> (Alexey Dokuchaev's message of "Sat, 10 Mar 2018 08:02:02 %2B0000") References: <201803100016.w2A0GnR8013646@repo.freebsd.org> <fd8d2bb5-6235-f193-b8c5-e3cb37ea973d@FreeBSD.org> <20180310080202.GA18340@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Alexey Dokuchaev <danfe@FreeBSD.org> writes: > On Fri, Mar 09, 2018 at 05:58:31PM -0800, Bryan Drewery wrote: > >> This is a note in general, not specifically at you. But https for >> distfiles only achieves 2 things: 1. Privacy against someone snooping >> that you are downloading ZNC (is it really that important?) but still >> can see your DNS and connections to the ZNC site... and 2. It breaks >> proxy caching. So I don't think MASTER_SITES should be converted to >> https in general. There's this odd push for it lately but I don't see >> the benefit. > > Big +1 (HTTPS for distfiles is somewhat of a PITA for me as well). Can > we please go back to plain good HTTP? SHA256 provides enough assurance > against intermittent tampering with the distfiles. "make makesum" has no MITM protection with HTTP. Maintainers may work on updates outside of jail due to convenience and exposure to crazy make.conf optimizations. Only after an update is ready it's tested in a poudriere jail.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?r2os-ntg3-wny>