On Fri, Jan 23, 2015 at 3:16 PM, Michael Orlitzky <m...@gentoo.org> wrote:
> On 01/23/2015 03:22 PM, Michał Górny wrote: > > Dnia 2015-01-23, o godz. 14:26:48 > > Michael Orlitzky <m...@gentoo.org> napisał(a): > > > >> On 01/23/2015 02:13 PM, Michał Górny wrote: > >>> To help you enable the correct USE flags, we are providing a Python > >>> script which generates the correct value from your /proc/cpuinfo [1]. > >>> The Python script can be downloaded and executed using the following > >>> command: > >>> > >>> $ wget -O - dev.gentoo.org/~mgorny/cpuinfo2cpuflags-x86.py | python > >> > >> Can we not encourage people to pipe stuff from a plain-http website into > >> an interpreter? > > > > Find a better solution. > If you trust GitHub, put it on a Gist, and it'll be accessible via HTTPS and SSH. If the "raw" URL is too ugly, and you trust Google, use the HTTPS version of goo.gl to shorten it. > Even `wget --no-check-certificate` would be a big improvement. Or since > Firefox seems happy with the dev.gentoo.org certificate, we could just > ask them to download it with their browsers. > > Longer term: can we make wget like our SSL certificate? "DigiCert SHA2 High Assurance Server CA" is not in ca-certificates. Funnily, DigiCert's download link for it is via plain HTTP so reasonable paranoia demands manually verifying the chain after downloading.
