On Wed, Feb 8, 2023 at 8:58 PM Demi Marie Obenour <d...@invisiblethingslab.com> wrote:

> Obtaining code over an insecure transport is a terrible idea for
> blatantly obvious reasons. Even for non-executable data, insecure
> transports are considered deprecated.
>
> This patch enforces the use of secure transports in the build system.
>
> Signed-off-by: Demi Marie Obenour <d...@invisiblethingslab.com>
>

Hey Demi,

Thanks for this series -- we definitely want the build system to use secure transports when available.

Can you confirm that you've tested the "+s" versions of all the URLs in this patch, and verified that they actually work?

If you haven't, I realize that may be somewhat tedious, but I think it's pretty important. You should be able to automate a lot of it using `curl --head --fail`. [1]

 -George

[1] https://stackoverflow.com/questions/12199059/how-to-check-if-an-url-exists-with-the-shell-and-probably-curl
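
One way to automate the `curl --head --fail` check suggested above, as an added example that is not part of the original email or the patch series. The function names and the one-URL-per-line input file are assumptions, and only the `http://` to `https://` rewrite is handled.

```shell
#!/bin/sh
# Added example: verify that the secure form of each download URL resolves.

# Map an insecure URL to its "+s" form. Only http:// is rewritten here
# (assumption); any other scheme is returned unchanged.
to_secure_url() {
    case "$1" in
        http://*) printf 'https://%s\n' "${1#http://}" ;;
        *)        printf '%s\n' "$1" ;;
    esac
}

# Probe one URL with a HEAD request. --fail makes curl exit non-zero on
# HTTP errors (>= 400); --proto and --proto-redir refuse plain HTTP,
# including a downgrade through a redirect.
probe_url() {
    curl --head --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --max-time 20 --output /dev/null "$1"
}

# Read URLs from stdin (one per line; blank lines and #-comments skipped),
# print "OK <url>" or "FAIL <url>", and return 1 if any probe failed.
check_urls() {
    rc=0
    while IFS= read -r url; do
        case "$url" in ''|'#'*) continue ;; esac
        secure=$(to_secure_url "$url")
        if probe_url "$secure"; then
            printf 'OK   %s\n' "$secure"
        else
            printf 'FAIL %s\n' "$secure"
            rc=1
        fi
    done
    return "$rc"
}

# Run against a file of URLs when one is given: ./check-urls.sh urls.txt
if [ "$#" -gt 0 ]; then
    check_urls < "$1"
fi
```

A `FAIL` line can also mean the server rejects HEAD requests rather than that the file is missing, so those entries are worth re-checking with a normal GET before concluding the secure URL is broken.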