On Sat, 11 Mar 2017 14:25:13 -0700 Adam Weinberger <ad...@adamw.org> wrote: >> On 11 Mar, 2017, at 12:53, Adam Weinberger <ad...@adamw.org> wrote: >>> On 11 Mar, 2017, at 12:29, Tijl Coosemans <t...@freebsd.org> wrote: >>> On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger <ad...@adamw.org> >>> wrote: >>>> On 11 Mar, 2017, at 10:13, Tijl Coosemans <t...@freebsd.org> >>>> wrote: >>>>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbe...@freebsd.org (Jan >>>>> Beich) wrote: >>>>>> Tijl Coosemans <t...@freebsd.org> writes: >>>>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer >>>>>>> <ger...@pfeifer.com> wrote: >>>>>>>> As some of you may have seen, I have done a bit of work on >>>>>>>> bsd.sites.mk recently. >>>>>>>> >>>>>>>> One question I ran into: If a site offers both HTTPS and >>>>>>>> HTTP, which of the two do we prefer? (Or do we want to list >>>>>>>> both?) >>>>>>> >>>>>>> https first for people that run 'make makesum'. >>>>>> >>>>>> It was made MITM-friendly sometime ago. >>>>>> >>>>>> https://svnweb.freebsd.org/changeset/ports/324051 >>>>> >>>>> Ugh, can portmgr approve the attached patch?<fetchenv.patch> >>>> >>>> If distfiles from sites with invalid certificates won't fetch for >>>> end-users, they won't fetch during makesum either. >>> >>> - Given that web browsers have become much less forgiving about such >>> certificates this is probably much less of a problem nowadays. >>> - Possibly, many of these errors are because users forgot to install >>> ca_root_nss. We can hold port maintainers to a higher standard and >>> expect them to have this installed. >>> - Such sites should perhaps be removed from MASTER_SITES. If >>> that's not possible FETCH_ENV can be set in the port Makefile. >> >> I don't disagree with any point. Do you want to submit a PR so that >> an exp-run of sorts can see how many distfiles we're talking about? > > Antoine reminded me that this only affects makesum, so I guess there's > really no way of telling what ports this would affect. Either way, > your reasoning is sound and you've convinced me. I'm good with this > change; as you said, worst-case scenario, ports with broken > MASTER_SITES can override FETCH_ENV or a toggle can be added.
Committed in r436081. _______________________________________________ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
