On Thu, Feb 09, 2023 at 02:01:52PM +0000, George Dunlap wrote: > On Wed, Feb 8, 2023 at 8:58 PM Demi Marie Obenour < > d...@invisiblethingslab.com> wrote: > > > Obtaining code over an insecure transport is a terrible idea for > > blatently obvious reasons. Even for non-executable data, insecure > > transports are considered deprecated. > > > > This patch enforces the use of secure transports in the build system. > > > > Signed-off-by: Demi Marie Obenour <d...@invisiblethingslab.com> > > > > Hey Demi, > > Thanks for this series -- we definitely want the build system to use secure > transports when available. Can you confirm that you've tested the "+s" > versions of all the URLs in this patch, and verified that they actually > work?
:'( -> https://gitlab.com/xen-project/patchew/xen/-/pipelines/771746628/ Our GitLab tests are very unhappy with the switch to TLS. Too many containers aren't recent enough, and don't have the right certificates (Let's encrypt I guess). I've only looked at two failures: ubuntu-focal-clang: fatal: unable to access 'https://xenbits.xen.org/git-http/qemu-xen.git/': server certificate verification failed. CAfile: none CRLfile: none ubuntu-xenial-gcc: ERROR: cannot verify xenbits.xen.org's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US': I'll try to have a look at updating those containers. Cheers, -- Anthony PERARD
