Xen project Mailing List

Re: [PATCH v2 0/4] Stop using insecure transports

To: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>

Date: Thu, 9 Feb 2023 10:09:07 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AYYg6cPBjseN5jLs9fYWcCE6w8K3jMwizwZEyylffCk=; b=dSK4Siz12Nb7lqKEe3VyZbHgvsW58vyXWe13hdif0Zf8guyNAruUYjVebT5Gka12Z4oqhjRq/SxAMqsxwAqFc3GOX5VK133In7LEbdlnB+UpY4T9wXt8MZ214nZhRNOK5MoIhyZB3pzh+YWWHxDsSSJFykED3ZCmZSQ+T6pfdOqKW2gGN6UIubuuFavFROc4JVSUBfD0EGRmh3Trm3i5V4OHxpM1MS4mtXnY/tI4YEfrTJXzz+xU/pcd70inhjmR7TpUkhsgPJxj0m7NuRzyf0C1R1EVFRpGQbnswhqebx2skHHZNVJeNL7H6q5BT9+zrsfam1gi2Nv+EJmzr07cbQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Jlpy2UW0V74PEDUcEVggCZsmGr1o7YipxAiWWluV4ahsV5GzD9BrkrJ55PSULgxmuH20N4E5hbAGv6k7S1x0dKcJJpEB6FcG135xwt8s1g3FP4DsCk73/eDirp9qZjFyYu0PxLy4YG8k6plbaeE/WV5bR1aPxb5FDHzMUIdJFpf+zsyBnCF7B3bJk5LxV+joDSGSnH23V08Wk4npQxNOrv5Hyju4ZT7SlXHDYDpUkyvmmKbdmWgzCkk4AzquWjNFxdNMChkHqXuyUW49RtXt4Oxr+qwGjP72mX9i5RGru9fPvLeKfFkLWTCxtPUVdGsyccfGNvD4zmN9SHo+KhZO0w==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Christian Lindig <christian.lindig@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Elena Ufimtseva <elena.ufimtseva@xxxxxxxxxx>, Nick Rosbrook <rosbrookn@xxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>

Delivery-date: Thu, 09 Feb 2023 09:09:35 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 08.02.2023 21:58, Demi Marie Obenour wrote: > Obtaining code over an insecure transport is a terrible idea for > blatently obvious reasons. Even for non-executable data, insecure > transports are considered deprecated. > > Demi Marie Obenour (4): > Build system: Replace git:// and http:// with https:// > Automation and CI: Replace git:// and http:// with https:// > Miscellaneous and documentation: Only use TLS-protected transports > GPL License Boilerplate: Switch from HTTP to HTTPS Mind me asking what changed from v1? Neither here nor in the individual patches there's any information about that. Yet especially for the voluminous patches it would be quite relevant, to avoid reviewers needing to go through everything again that they may have checked already. Furthermore I'd like to ask that in submissions of new versions you drop recipients whose email addresses bounce. Like I did get bounces from Quan Xu's, I'd expect you did as well. Thanks, Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.