> On 13 Mar, 2017, at 7:32, Tijl Coosemans <t...@freebsd.org> wrote: > > On Sat, 11 Mar 2017 14:25:13 -0700 Adam Weinberger <ad...@adamw.org> > wrote: >>> On 11 Mar, 2017, at 12:53, Adam Weinberger <ad...@adamw.org> wrote: >>>> On 11 Mar, 2017, at 12:29, Tijl Coosemans <t...@freebsd.org> wrote: >>>> On Sat, 11 Mar 2017 10:18:18 -0700 Adam Weinberger <ad...@adamw.org> >>>> wrote: >>>>> On 11 Mar, 2017, at 10:13, Tijl Coosemans <t...@freebsd.org> >>>>> wrote: >>>>>> On Sat, 11 Mar 2017 12:18:51 +0000 (UTC) jbe...@freebsd.org (Jan >>>>>> Beich) wrote: >>>>>>> Tijl Coosemans <t...@freebsd.org> writes: >>>>>>>> On Sat, 11 Mar 2017 10:53:01 +0100 (CET) Gerald Pfeifer >>>>>>>> <ger...@pfeifer.com> wrote: >>>>>>>>> As some of you may have seen, I have done a bit of work on >>>>>>>>> bsd.sites.mk recently. >>>>>>>>> >>>>>>>>> One question I ran into: If a site offers both HTTPS and >>>>>>>>> HTTP, which of the two do we prefer? (Or do we want to list >>>>>>>>> both?) >>>>>>>> >>>>>>>> https first for people that run 'make makesum'. >>>>>>> >>>>>>> It was made MITM-friendly sometime ago. >>>>>>> >>>>>>> https://svnweb.freebsd.org/changeset/ports/324051 >>>>>> >>>>>> Ugh, can portmgr approve the attached patch?<fetchenv.patch> >>>>> >>>>> If distfiles from sites with invalid certificates won't fetch for >>>>> end-users, they won't fetch during makesum either. >>>> >>>> - Given that web browsers have become much less forgiving about such >>>> certificates this is probably much less of a problem nowadays. >>>> - Possibly, many of these errors are because users forgot to install >>>> ca_root_nss. We can hold port maintainers to a higher standard and >>>> expect them to have this installed. >>>> - Such sites should perhaps be removed from MASTER_SITES. If >>>> that's not possible FETCH_ENV can be set in the port Makefile. >>> >>> I don't disagree with any point. Do you want to submit a PR so that >>> an exp-run of sorts can see how many distfiles we're talking about? >> >> Antoine reminded me that this only affects makesum, so I guess there's >> really no way of telling what ports this would affect. Either way, >> your reasoning is sound and you've convinced me. I'm good with this >> change; as you said, worst-case scenario, ports with broken >> MASTER_SITES can override FETCH_ENV or a toggle can be added. > > Committed in r436081.
Can you please add a quick blurb about this to CHANGES? # Adam -- Adam Weinberger ad...@adamw.org https://www.adamw.org _______________________________________________ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
