Since the GNU project is decommissioning FTP soon, I installed the attached.
What do people think about changing the Gnulib documention and code to use HTTPS
instead of HTTP? That should help repel man-in-the-middle attacks.
From bbfa1a19dba24af19ec0c2c15e07b31e762ef9be Mon Sep 17 00:00:00 2001
From: Paul Eggert <egg...@cs.ucla.edu>
Date: Tue, 12 Sep 2017 16:36:27 -0700
Subject: [PATCH] maintainer-makefile: FTP -> HTTPS
* top/maint.mk (url_dir_list, ftp-gnu): Use HTTPS protocol instead
of FTP, which is planned to be decommissioned on 2017-11-01.
---
ChangeLog | 6 ++++++
top/maint.mk | 4 ++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ecaf5ab..23f1f2d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-09-12 Paul Eggert <egg...@cs.ucla.edu>
+
+ maintainer-makefile: FTP -> HTTPS
+ * top/maint.mk (url_dir_list, ftp-gnu): Use HTTPS protocol instead
+ of FTP, which is planned to be decommissioned on 2017-11-01.
+
2017-09-12 Tim Rühsen <tim.rueh...@gmx.de> (tiny change)
libc-config: Fix __GNUC_PREREQ macro.
diff --git a/top/maint.mk b/top/maint.mk
index 09a98bc..54fda45 100644
--- a/top/maint.mk
+++ b/top/maint.mk
@@ -131,7 +131,7 @@ gnu_rel_host ?= $(gnu_ftp_host-$(release-type))
url_dir_list ?= $(if $(call _equal,$(gnu_rel_host),ftp.gnu.org), \
http://ftpmirror.gnu.org/$(PACKAGE), \
- ftp://$(gnu_rel_host)/gnu/$(PACKAGE))
+ https://$(gnu_rel_host)/gnu/$(PACKAGE))
# Override this in cfg.mk if you are using a different format in your
# NEWS file.
@@ -1353,7 +1353,7 @@ release-commit:
## Updating files. ##
## ---------------- ##
-ftp-gnu = ftp://ftp.gnu.org/gnu
+ftp-gnu = https://ftp.gnu.org/gnu
www-gnu = http://www.gnu.org
upload_dest_dir_ ?= $(PACKAGE)
--
2.7.4
