Re: pkgsrc vs. https-only master sites

To: Thomas Klausner <wiz%NetBSD.org@localhost>
Subject: Re: pkgsrc vs. https-only master sites
From: Tobias Nygren <tnn%NetBSD.org@localhost>
Date: Mon, 23 Feb 2015 15:46:13 +0100

On Mon, 23 Feb 2015 15:24:59 +0100
Thomas Klausner <wiz%NetBSD.org@localhost> wrote:

> Don't forget bootstrap and non-NetBSD.
> 
> Since on platforms without ssl, the bootstrap needs to fetch openssl,
> a two-step approach would be needed:

Platforms with builtin openssl will already DTRT I think? Including
openssl in the bootstrap procedure is probably not a viable as it
requires perl5 and godknowswhatelse.

> It's mostly SMOP, but it involves the bootstrap process and no-one was
> motivated enough yet to tackle it.

How about if bootstrap uses regular non-openssl tnftp, and we create a
separate "tnftp-ssl" package that avoids conflict with tnftp and can be
depended on later when the bootstrap is done?

> The next question is how useful ssl support is without a certificate
> chain... but we can postpone that discussion.

True in a sense, but OTOH we have distinfo checksums and this is a
primarily a matter of downloading the file, not downloading it securely.

Kind regards,
-Tobias

Follow-Ups:
- Re: pkgsrc vs. https-only master sites
  - From: Greg Troxel
- Re: pkgsrc vs. https-only master sites
  - From: Thomas Klausner

References:
- pkgsrc vs. https-only master sites
  - From: Tobias Nygren
- Re: pkgsrc vs. https-only master sites
  - From: Thomas Klausner

Prev by Date: Re: pkgsrc vs. https-only master sites
Next by Date: Re: pkgsrc vs. https-only master sites
Previous by Thread: Re: pkgsrc vs. https-only master sites
Next by Thread: Re: pkgsrc vs. https-only master sites
Indexes:

Home | Main Index | Thread Index | Old Index