-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Mar 06, 2016 at 08:13:49PM +0000, Ben Hutchings wrote: > On Sun, 2016-03-06 at 19:19 +0000, Bas Wijnen wrote: > > On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: > > > > > > So, what we're going to do about it? I see the following options: > > > > > > B) Fix the spec to allow the HTTPS URL; fix the HTTP-only consumers. > > That. Https is good for our users. Even if the effect of this change is > > very > > minor, we should show them that it should be the default everywhere. > > The use of the 'http:' scheme in a format identifier has nothing to do > with the protocol used to find information about the format.
I disagree. While your statement is correct in terms of the file format, there is more to it. DEP-5 files are intended to be human readable. This magic line isn't only a token to detect that the format is used; it is also a link to the format definition. > You might as well advocate for changing the URLs used to identify XML > namespaces to use the 'https:' scheme, and with the same effects on > compatibility (negative) and security (none whatsoever). When you follow those URLs, you see machine-readable files that may also be semi-readable for humans. Not something that is intended for human readers. Those URLs really are just for defining the standards version; the DEP-5 line is also a link to documentation. Thanks, Bas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJW3KFfAAoJEJzRfVgHwHE61QAQAJ+TxXVLFUgZc/j7Lmxhkji1 8IQRqyYcRu1LQLN0szxd1uPNFNBxEQjuZs27yg/8GNTUXbGT6xazL0GWPLLz/iVr XX+iBAz1Y1WnpbcCslr9GOCFK76gI2ogl7R0o5AJA2Lw+PXlAzB9AXdQWfm0Z9f6 GOTwqdox3SLvGhT3RdXtGMzfv4m0+uAiTLvPfWMqV9XlmqQTZM/kAvvGdc8iyz8u 5BEeZOw2bOPWPse3WSS4R+S5YpI2ULxghKS6YX3+7HuXkCKw/o8wtp2D5J1539jz zAsWm83mTxzC6F9nBeC6cfLKZb7xYa4R6NsNIY74I2HQC4viw3iIwZA6QltaQBli UGdiQX9wXEfIFLPKOPCiWW0TlAcGqthZHxj2ejykODSIoNP5PKoLc+u36gs2VwnJ 2YrAwzC4cj3neNNv0+fcmfyCBOedc3P9VCA/5C0oOpVNSAPKhYwjy8DQdCSq8uRN MkgkbM+cJEJXP8aTWRf8ucFfWofk8aunn031ZRPYaGAXV/hKEtVQFOEsXDSj46a3 cu6bZIy2dcv7jPTblOwJYhEUwvux0+/A5nYFPa6WwjUEPR+aanMPS8nMe3nhMc/e kwSbvZ6Ar0l3qp6s6BQxO9I1kZ9loh9beGzHa2zcoSnxy3efFoKs/546EX6FnWjB 41+9B6NF/Y9Bo2vjQ9V8 =H4vA -----END PGP SIGNATURE-----
