From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id DE3F41396D0 for ; Sun, 20 Aug 2017 19:25:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 94F341FC03A; Sun, 20 Aug 2017 19:25:30 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 459BF1FC008 for ; Sun, 20 Aug 2017 19:25:30 +0000 (UTC) Received: from pomiot (d202-252.icpnet.pl [109.173.202.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 81D893419EE; Sun, 20 Aug 2017 19:25:28 +0000 (UTC) Message-ID: <1503257124.20666.1.camel@gentoo.org> Subject: Re: [gentoo-dev] [PATCH 1/2] git-r3.eclass: Update docs to discourage unsafe protocols From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Date: Sun, 20 Aug 2017 21:25:24 +0200 In-Reply-To: <20170820180534.GA920@linux1.home> References: <20170819082502.27716-1-mgorny@gentoo.org> <20170820180534.GA920@linux1.home> Organization: Gentoo Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.24.5 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: bfcc0ad8-ad5f-4e6d-9d02-32a70ec3b0c9 X-Archives-Hash: 64ee3ced310166eb78cdc10cc44a0cf6 W dniu nie, 20.08.2017 o godzinie 13∶05 -0500, użytkownik William Hubbs napisał: > On Sat, Aug 19, 2017 at 10:25:01AM +0200, Michał Górny wrote: > > --- > > eclass/git-r3.eclass | 14 +++++++++----- > > 1 file changed, 9 insertions(+), 5 deletions(-) > > > > diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass > > index bc7d4d920299..42b586811368 100644 > > --- a/eclass/git-r3.eclass > > +++ b/eclass/git-r3.eclass > > @@ -105,10 +105,14 @@ fi > > # @ECLASS-VARIABLE: EGIT_REPO_URI > > # @REQUIRED > > # @DESCRIPTION: > > -# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs > > -# are provided, the eclass will consider them as fallback URIs to try > > -# if the first URI does not work. For supported URI syntaxes, read up > > -# the manpage for git-clone(1). > > +# URIs to the repository, e.g. https://foo. If multiple URIs are > > +# provided, the eclass will consider the remaining URIs as fallbacks > > +# to try if the first URI does not work. For supported URI syntaxes, > > +# read up the manpage for git-clone(1). > > s/read up/read/ > > > +# URIs should be using https:// whenever possible. http:// and git:// > > +# URIs are unsafe and their use (even if only as a fallback) makes > > +# MITM attacks possible. > > # > > # It can be overriden via env using ${PN}_LIVE_REPO variable. > > s/overriden/overridden/ > Fixed, thanks. -- Best regards, Michał Górny