Package: libdvd-pkg Version: 1.4.0-1-2 Severity: wishlist
Hi. The videolan servers support https, I suggest using this for the download. While this doesn't help with security, it adds privacy for the download process. Of course one needs to add some --ca-certificate= to wget, of course best would be to only add the CA that videoland actually uses, currently USERTrust RSA Certification Authority. And one would need to depend on ca-certificates. You should perhaps also update the watchfile. btw: In get-orig-source, why do you use uscan to download the current version if downloading fails with wget? That should then anyway not be usable due to the missing SHA256sum file,... and it won't be deleted then either, so the user may accidentally use that unverified code. Cheers, Chris.
