On Sat, 11 Mar 2017 14:25:13 -0700 Adam Weinberger <[email protected]> wrote: >> On 11 Mar, 2017, at 12:53, Adam Weinberger <[email protected]> wrote: >>> On 11 Mar, 2017, at 12:29, Tijl Coosemans <[email protected]> wrote: >>> On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger <[email protected]> >>> wrote: >>>> On 11 Mar, 2017, at 10:13, Tijl Coosemans <[email protected]> >>>> wrote: >>>>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) [email protected] (Jan >>>>> Beich) wrote: >>>>>> Tijl Coosemans <[email protected]> writes: >>>>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer >>>>>>> <[email protected]> wrote: >>>>>>>> As some of you may have seen, I have done a bit of work on >>>>>>>> bsd.sites.mk recently. >>>>>>>> >>>>>>>> One question I ran into: If a site offers both HTTPS and >>>>>>>> HTTP, which of the two do we prefer? (Or do we want to list >>>>>>>> both?) >>>>>>> >>>>>>> https first for people that run 'make makesum'. >>>>>> >>>>>> It was made MITM-friendly sometime ago. >>>>>> >>>>>> https://svnweb.freebsd.org/changeset/ports/324051 >>>>> >>>>> Ugh, can portmgr approve the attached patch?<fetchenv.patch> >>>> >>>> If distfiles from sites with invalid certificates won't fetch for >>>> end-users, they won't fetch during makesum either. >>> >>> - Given that web browsers have become much less forgiving about such >>> certificates this is probably much less of a problem nowadays. >>> - Possibly, many of these errors are because users forgot to install >>> ca_root_nss. We can hold port maintainers to a higher standard and >>> expect them to have this installed. >>> - Such sites should perhaps be removed from MASTER_SITES. If >>> that's not possible FETCH_ENV can be set in the port Makefile. >> >> I don't disagree with any point. Do you want to submit a PR so that >> an exp-run of sorts can see how many distfiles we're talking about? > > Antoine reminded me that this only affects makesum, so I guess there's > really no way of telling what ports this would affect. Either way, > your reasoning is sound and you've convinced me. I'm good with this > change; as you said, worst-case scenario, ports with broken > MASTER_SITES can override FETCH_ENV or a toggle can be added.
Committed in r436081. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[email protected]"
