Jean-Yves Migeon <jym%NetBSD.org@localhost> writes: > Le 18/03/13 16:20, diro%nixsyspaus.org@localhost a écrit : >> On Mon, Mar 18, 2013 at 11:08:25AM -0400, Greg Troxel wrote: >>> >>> The issue is that pkgsrc has to run on all systems. So what we really >>> need is some mechanism to know about each platform's capability and do >>> the right thing. It used to be that https fetch was odd, and now it >>> isn't, so this probably needs some work. >> >> This was basically my next pair of questions. If we aren't currently >> handling this in fetch.mk, could we put it on the task list for next >> quarter? It would obsolete the necessity for FETCH_USING=curl/wget in >> many package Makefiles for https/ftps URLs. Then, we could also add a >> warning to pkglint to let the developer know that such an addition is >> not necessary anymore and update the documentation to clarify this. We don't really have task lists. But if you want to send a patch (especially one that you've testted :-) people will look at it. > Why is there so many packages using TLS/SSL then? Unless we provide a > list of acceptable certificates or CAs to validate server-side certs, > having SSL/TLS does not bring any real benefit. It's not a question of us deciding there's benefit. You're quite right that the whole hundred-CAs TLS situation is a bit odd. The real point is that there are a number of packages for which the distfiles are *only* available via https. So we have to fetch them that way.
Attachment:
pgpUkvwmQpBdJ.pgp
Description: PGP signature