[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 3/4] Miscellaneous and documentation: Only use TLS-protected transports




On Thu, Feb 9, 2023 at 5:51 PM Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> wrote:
On Thu, Feb 09, 2023 at 02:25:07PM +0000, George Dunlap wrote:
> On Wed, Feb 8, 2023 at 8:59 PM Demi Marie Obenour <
> demi@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > Obtaining code over an insecure transport is a terrible idea for
> > blatently obvious reasons.  Even for non-executable data, insecure
> > transports are considered deprecated.
> >
> > This patch changes miscellaneous links that are not used by any
> > automated tool.  Some of these links are dead anyway.
> >
>
> As I said in response to patch 4, I appreciate the goal and the effort
> here.  But I'd rather not replace a working link with a broken link, or a
> broken link with another broken link.
>
> If we want to make this change, I think we're going to have to be creative
> with how the link replacement is done, as well as in how it's demonstrated
> to reviewers that the new URLs are valid.
>
> One option, for instance, could be writing a small script that would check
> the link validity first and only make the change if the link was valid; and
> then including that script in the commit message.  The reviewer could then
> convince themselves that the script was correct, and give an Ack or R-b on
> that basis.  There are probably other ideas as well.
>
> Any thoughts?
>
>  -George

What about breaking the patch up into smaller ones?  One could change
all of the xenbits.xen.org links in one patch, since those are known to
support HTTPS.  Then keep going for other domains.

That would work for me.

 -George

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.