Message ID | 20200712111118.24916-1-grandmaster@al2klimov.de (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | sh: Replace HTTP links with HTTPS ones | expand |
On 7/12/20 6:11 AM, Alexander A. Klimov wrote: > Rationale: > Reduces attack surface on kernel devs opening the links for MITM > as HTTPS traffic is much harder to manipulate. Trimmed just to the one site without the self-signed certficate: check. > Deterministic algorithm: > For each file: > If not .svg: > For each line: > If doesn't contain `\bxmlns\b`: > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: > If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: > If both the HTTP and HTTPS versions > return 200 OK and serve the same content: > Replace HTTP with HTTPS. > > Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Acked-by: Rob Landley <rob@landley.net> Rob
On Sun, Jul 12, 2020 at 06:30:04AM -0500, Rob Landley wrote: > On 7/12/20 6:11 AM, Alexander A. Klimov wrote: > > Rationale: > > Reduces attack surface on kernel devs opening the links for MITM > > as HTTPS traffic is much harder to manipulate. > > Trimmed just to the one site without the self-signed certficate: check. > > > Deterministic algorithm: > > For each file: > > If not .svg: > > For each line: > > If doesn't contain `\bxmlns\b`: > > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: > > If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: > > If both the HTTP and HTTPS versions > > return 200 OK and serve the same content: > > Replace HTTP with HTTPS. > > > > Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> > > Acked-by: Rob Landley <rob@landley.net> Acked-by: Rich Felker <dalias@libc.org> I agree about replacing just the one with working https, not the dead self-signed one. Alexander, is this whole set being submitted upstream through a single maintainer, or do you want me to take the arch/sh patch individually? Rich
Am 13.07.20 um 01:39 schrieb Rich Felker: > Alexander, is this whole set being submitted upstream > through a single maintainer, I've no idea what you're talking about, so the answer is likely no. I've just followed the instructions on how to submit patches as for any other subsystem.
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig index 9fc2b010e938..2fb9233f031e 100644 --- a/arch/sh/Kconfig +++ b/arch/sh/Kconfig @@ -630,7 +630,7 @@ config SMP Y to "Enhanced Real Time Clock Support", below. See also <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO - available at <http://www.tldp.org/docs.html#howto>. + available at <https://www.tldp.org/docs.html#howto>. If you don't know what to do here, say N.
Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> --- Strange... it seems something went wrong while scanning. Now better? arch/sh/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)