[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v2 1/4] Build system: Replace git:// and http:// with https://
On Thu, Feb 09, 2023 at 02:01:52PM +0000, George Dunlap wrote: > On Wed, Feb 8, 2023 at 8:58 PM Demi Marie Obenour < > demi@xxxxxxxxxxxxxxxxxxxxxx> wrote: > > > Obtaining code over an insecure transport is a terrible idea for > > blatently obvious reasons. Even for non-executable data, insecure > > transports are considered deprecated. > > > > This patch enforces the use of secure transports in the build system. > > > > Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> > > > > Hey Demi, > > Thanks for this series -- we definitely want the build system to use secure > transports when available. Can you confirm that you've tested the "+s" > versions of all the URLs in this patch, and verified that they actually > work? I had not, but a subsequent review indicated that most do work. The exceptions are: - Neither the PolarSSL nor TPM emulator links work, but the http:// verison of these links is also broken. I added an AC_MSG_ERROR to fail the TPM emulator build if they would be used, but a Xen committer will need to regenerate configure. - the newlib url should be https://sourceware.org/ftp/newlib, not https://source.redhat.com/ftp/newlib. This was changed in configure.ac but not in configure. > If you haven't, I realize that may be somewhat tedious, but I think it's > pretty important. You should be able to automate a lot of it using `curl > --head --fail`. [1] That does not work for the Xen git repositories, but those all do work. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab Attachment:
signature.asc
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |