GNU bug report logs -
#27778
Changing package source URLs from git:// to https://
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Thu, 20 Jul 2017 22:07:02 UTC
Severity: normal
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 27778 in the body.
You can then email your comments to 27778 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#27778; Package
guix.
(Thu, 20 Jul 2017 22:07:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Thu, 20 Jul 2017 22:07:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
There are several packages that fetch their sources over the Git
protocol. That is, 'git://'.
This protocol is unauthenticated, which is not great, although not 100%
terrible since we know the hash of what we are trying to fetch. Also, it
uses port 9418 which is blocked more often than 443 or 80.
Let's change these packages to use HTTPS or HTTP!
~/guix/gnu/packages% grep -rI 'git://'
pumpio.scm: (url "git://pumpa.branchable.com/")
fltk.scm: (url "git://git.tuxfamily.org/gitroot/non/fltk.git")
microcom.scm: (url "git://git.pengutronix.de/git/tools/microcom.git")
rdesktop.scm: (url "git://github.com/FreeRDP/FreeRDP.git")
gnunet.scm: (url "git://git.sv.gnu.org/guix/gnunet.git")
suckless.scm: (url "git://git.2f30.org/human.git")
admin.scm: (url "git://github.com/TrilbyWhite/interrobang")
embedded.scm: (url "git://git.zapb.de/libjaylink.git")
embedded.scm: (url "git://git.code.sf.net/p/openocd/code.git")
version-control.scm: (url "git://myrepos.branchable.com/myrepos")
audio.scm: (url "git://git.ardour.org/ardour/ardour.git")
emacs.scm: (url "git://git.hcoop.net/git/bpt/emacs.git")
messaging.scm: (url "git://git.psyced.org/git/psyclpc")
music.scm: (url "git://git.tuxfamily.org/gitroot/non/non.git")
python.scm: (url "git://github.com/tgalal/python-axolotl-curve25519")
web.scm: (url "git://git.libwebsockets.org/libwebsockets")
gnome.scm: (url "git://git.gnome.org/byzanz")
guile.scm: (url "git://git.hcoop.net/git/bpt/guile.git")
guile.scm: (url "git://dthompson.us/guile-syntax-highlight.git")
java.scm: (url "git://git.savannah.gnu.org/classpath.git")
shells.scm: (url "git://github.com/rakitzis/rc.git")
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#27778; Package
guix.
(Sat, 22 Jul 2017 23:35:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 27778 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Thu, Jul 20, 2017 at 06:06:31PM -0400, Leo Famulari wrote:
> Let's change these packages to use HTTPS or HTTP!
Well, I don't know any benefit to using HTTP over GIT, so I'm not going
to change the packages whose sources are not available over HTTPS.
Not available over HTTPS, as far as I can tell:
> pumpio.scm: (url "git://pumpa.branchable.com/")
> fltk.scm: (url "git://git.tuxfamily.org/gitroot/non/fltk.git")
> suckless.scm: (url "git://git.2f30.org/human.git")
> version-control.scm: (url "git://myrepos.branchable.com/myrepos")
> messaging.scm: (url "git://git.psyced.org/git/psyclpc")
> music.scm: (url "git://git.tuxfamily.org/gitroot/non/non.git")
> guile.scm: (url "git://dthompson.us/guile-syntax-highlight.git")
> guile.scm: (url "git://git.hcoop.net/git/bpt/guile.git")
Different data is served over HTTPS versus GIT, so not changed yet
(reported in <https://bugs.gnu.org/27795>):
> emacs.scm: (url "git://git.hcoop.net/git/bpt/emacs.git")
Ready to use HTTPS:
> microcom.scm: (url "git://git.pengutronix.de/git/tools/microcom.git")
> rdesktop.scm: (url "git://github.com/FreeRDP/FreeRDP.git")
> admin.scm: (url "git://github.com/TrilbyWhite/interrobang")
> embedded.scm: (url "git://git.zapb.de/libjaylink.git")
> embedded.scm: (url "git://git.code.sf.net/p/openocd/code.git")
> audio.scm: (url "git://git.ardour.org/ardour/ardour.git")
> python.scm: (url "git://github.com/tgalal/python-axolotl-curve25519")
> web.scm: (url "git://git.libwebsockets.org/libwebsockets")
> gnome.scm: (url "git://git.gnome.org/byzanz")
> java.scm: (url "git://git.savannah.gnu.org/classpath.git")
> shells.scm: (url "git://github.com/rakitzis/rc.git")
> gnunet.scm: (url "git://git.sv.gnu.org/guix/gnunet.git")
To reduce the number of annoying merge conflicts, I'm not going to push
the change until after core-updates is merged into master.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#27778; Package
guix.
(Tue, 25 Jul 2017 07:13:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 27778 <at> debbugs.gnu.org (full text, mbox):
Leo Famulari <leo <at> famulari.name> writes:
> On Thu, Jul 20, 2017 at 06:06:31PM -0400, Leo Famulari wrote:
>> Let's change these packages to use HTTPS or HTTP!
>
> Well, I don't know any benefit to using HTTP over GIT, so I'm not going
> to change the packages whose sources are not available over HTTPS.
One benefit is that HTTP is more readily accessible via proxy servers,
which is useful for people behind restrictive firewalls, or those who
wish to use Tor.
Mark
Information forwarded
to
bug-guix <at> gnu.org:
bug#27778; Package
guix.
(Tue, 25 Jul 2017 18:01:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 27778 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Tue, Jul 25, 2017 at 03:12:50AM -0400, Mark H Weaver wrote:
> Leo Famulari <leo <at> famulari.name> writes:
>
> > On Thu, Jul 20, 2017 at 06:06:31PM -0400, Leo Famulari wrote:
> >> Let's change these packages to use HTTPS or HTTP!
> >
> > Well, I don't know any benefit to using HTTP over GIT, so I'm not going
> > to change the packages whose sources are not available over HTTPS.
>
> One benefit is that HTTP is more readily accessible via proxy servers,
> which is useful for people behind restrictive firewalls, or those who
> wish to use Tor.
Okay, that's indeed a plus for HTTP. I'll review the leftover packages
and see if we can fetch the source over HTTP.
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Leo Famulari <leo <at> famulari.name>:
You have taken responsibility.
(Sun, 27 Aug 2017 22:38:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer.
(Sun, 27 Aug 2017 22:38:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 27778-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Tue, Jul 25, 2017 at 02:00:52PM -0400, Leo Famulari wrote:
> On Tue, Jul 25, 2017 at 03:12:50AM -0400, Mark H Weaver wrote:
> > Leo Famulari <leo <at> famulari.name> writes:
> >
> > > On Thu, Jul 20, 2017 at 06:06:31PM -0400, Leo Famulari wrote:
> > >> Let's change these packages to use HTTPS or HTTP!
> > >
> > > Well, I don't know any benefit to using HTTP over GIT, so I'm not going
> > > to change the packages whose sources are not available over HTTPS.
> >
> > One benefit is that HTTP is more readily accessible via proxy servers,
> > which is useful for people behind restrictive firewalls, or those who
> > wish to use Tor.
>
> Okay, that's indeed a plus for HTTP. I'll review the leftover packages
> and see if we can fetch the source over HTTP.
I didn't find any package sources using GIT that could use HTTP
but not HTTPS. I pushed my changes related to this bug report as
5f13bf0972310dfd5e2f26a4adc8b5aab4be7407.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#27778; Package
guix.
(Sun, 27 Aug 2017 23:42:02 GMT)
Full text and
rfc822 format available.
Message #22 received at 27778 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari transcribed 3.2K bytes:
> On Thu, Jul 20, 2017 at 06:06:31PM -0400, Leo Famulari wrote:
> > Let's change these packages to use HTTPS or HTTP!
>
> Well, I don't know any benefit to using HTTP over GIT, so I'm not going
> to change the packages whose sources are not available over HTTPS.
>
> Not available over HTTPS, as far as I can tell:
Yep, 2f30.org and psyced.org have no http/https access for the git.
psyced.org has an .onion which is advised to be used, but we can't
take on the position that it is generally safe to use tor without
risks for everyone.
…
> > suckless.scm: (url "git://git.2f30.org/human.git")
…
> > messaging.scm: (url "git://git.psyced.org/git/psyclpc")
…
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 25 Sep 2017 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 6 years and 214 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.