[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] [PATCH 1/2] git-r3.eclass: Update docs to discourage unsafe protocols
From:       Michał_Górny <mgorny () gentoo ! org>
Date:       2017-08-25 13:52:06
Message-ID: 1503669126.1016.5.camel () gentoo ! org
[Download RAW message or body]

W dniu sob, 19.08.2017 o godzinie 10∶25 +0200, użytkownik Michał Górny
napisał:
> ---
>  eclass/git-r3.eclass | 14 +++++++++-----
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
> index bc7d4d920299..42b586811368 100644
> --- a/eclass/git-r3.eclass
> +++ b/eclass/git-r3.eclass
> @@ -105,10 +105,14 @@ fi
>  # @ECLASS-VARIABLE: EGIT_REPO_URI
>  # @REQUIRED
>  # @DESCRIPTION:
> -# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs
> -# are provided, the eclass will consider them as fallback URIs to try
> -# if the first URI does not work. For supported URI syntaxes, read up
> -# the manpage for git-clone(1).
> +# URIs to the repository, e.g. https://foo. If multiple URIs are
> +# provided, the eclass will consider the remaining URIs as fallbacks
> +# to try if the first URI does not work. For supported URI syntaxes,
> +# read up the manpage for git-clone(1).
> +#
> +# URIs should be using https:// whenever possible. http:// and git://
> +# URIs are unsafe and their use (even if only as a fallback) makes
> +# MITM attacks possible.
>  #
>  # It can be overriden via env using ${PN}_LIVE_REPO variable.
>  #
> @@ -116,7 +120,7 @@ fi
>  #
>  # Example:
>  # @CODE
> -# EGIT_REPO_URI="git://a/b.git https://c/d.git"
> +# EGIT_REPO_URI="https://a/b.git https://c/d.git"
>  # @CODE
>  
>  # @ECLASS-VARIABLE: EVCS_OFFLINE

Committed.

-- 
Best regards,
Michał Górny


[prev in list] [next in list] [prev in thread] [next in thread]