| Message ID | 20200716195227.65839-1-grandmaster@al2klimov.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | encrypted-keys: Replace HTTP links with HTTPS ones | expand |
On Thu, Jul 16, 2020 at 09:52:27PM +0200, Alexander A. Klimov wrote: > Rationale: > Reduces attack surface on kernel devs opening the links for MITM > as HTTPS traffic is much harder to manipulate. A commit message should describe action e.g. "Replace HTTP URL with HTTPS URL given the security concerns and the slow deprecation of HTTP." > Deterministic algorithm: > For each file: > If not .svg: > For each line: > If doesn't contain `\bxmlns\b`: > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: > If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: > If both the HTTP and HTTPS versions > return 200 OK and serve the same content: > Replace HTTP with HTTPS. Please remove this. We don't care about it. Git log should only contain information either for studying or maintaining the kernel source code. > > Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> /Jarkko
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> wrote: > Please remove this. We don't care about it. Git log should only contain > information either for studying or maintaining the kernel source code. Yeah - in this case it's not useful. Sometimes it's worth including the script if you think the target audience might be interested in running it for themselves - such as to help resolve merge problems. David
diff --git a/include/keys/encrypted-type.h b/include/keys/encrypted-type.h index 38afb341c3f2..abfcbe02001a 100644 --- a/include/keys/encrypted-type.h +++ b/include/keys/encrypted-type.h @@ -2,7 +2,7 @@ /* * Copyright (C) 2010 IBM Corporation * Copyright (C) 2010 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Authors: * Mimi Zohar <zohar@us.ibm.com>
Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> --- Continuing my work started at 93431e0607e5. See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master If there are any URLs to be removed completely or at least not just HTTPSified: Just clearly say so and I'll *undo my change*. See also: https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See: https://lkml.org/lkml/2020/6/26/837 If you apply the patch, please let me know. Sorry again to all maintainers who complained about subject lines. Now I realized that you want an actually perfect prefixes, not just subsystem ones. I tried my best... And yes, *I could* (at least half-)automate it. Impossible is nothing! :) include/keys/encrypted-type.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)