[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 2/3] Build system: Replace git:// and http:// with https://

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 24 Feb 2023 17:55:01 -0500
Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 24 Feb 2023 22:55:29 +0000
Feedback-id: iac594737:Fastmail
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Feb 21, 2023 at 11:07:58AM +0100, Jan Beulich wrote:
> On 19.02.2023 03:46, Demi Marie Obenour wrote:
> > --- a/stubdom/configure
> > +++ b/stubdom/configure
> > @@ -3535,7 +3535,7 @@ if test "x$ZLIB_URL" = "x"; then :
> >     if test "x$extfiles" = "xy"; then :
> >    ZLIB_URL=\$\(XEN_EXTFILES_URL\)
> >  else
> > -  ZLIB_URL="http://www.zlib.net";
> > +  ZLIB_URL="https://www.zlib.net";
> >  fi
> 
> In v3 you said that this URL can't be used anymore for the version we're
> trying to fetch (which I can confirm). Leaving aside the question of why
> stubdom was never updated in that regard, what use is it to update URL
> (without even mentioning the aspect in the description) in such a case?
> (I haven't gone through any of the other URLs again, so there may well
> be more similar cases.)

Main advantage is that it will fail securely rather than downloading
whatever random code an MITM attacker put in there.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: [PATCH v4 2/3] Build system: Replace git:// and http:// with https://
  - From: Jan Beulich

References:
- [PATCH v4 0/3] Stop using insecure transports
  - From: Demi Marie Obenour
- [PATCH v4 2/3] Build system: Replace git:// and http:// with https://
  - From: Demi Marie Obenour
- Re: [PATCH v4 2/3] Build system: Replace git:// and http:// with https://
  - From: Jan Beulich

Prev by Date: [libvirt test] 178315: tolerable trouble: fail/pass/starved - PUSHED
Next by Date: [xen-unstable-smoke test] 178391: tolerable trouble: pass/starved - PUSHED
Previous by thread: Re: [PATCH v4 2/3] Build system: Replace git:// and http:// with https://
Next by thread: Re: [PATCH v4 2/3] Build system: Replace git:// and http:// with https://
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.