diff options
author | Paul Eggert <eggert@cs.ucla.edu> | 2017-09-16 13:03:36 -0700 |
---|---|---|
committer | Mathieu Lirzin <mthl@gnu.org> | 2017-09-19 13:10:44 +0200 |
commit | 3562e384f43bbd9d48598904a82a792039f4ce33 (patch) | |
tree | 0a45d82621c6ef569a78a80ff9deca518aeac56b /NEWS | |
parent | 29408e8b1d6efec3a416a761742e5cceae381d19 (diff) | |
download | automake-3562e384f43bbd9d48598904a82a792039f4ce33.tar.gz |
Prefer https: URLs
In Gnulib, Emacs, etc. we are changing ftp: and http: URLs to use
https:, to discourage man-in-the-middle attacks when downloading
software. The attached patch propagates these changes upstream to
Automake. This patch does not affect files that Automake is
downstream of, which I'll patch separately.
Althouth the resources are not secret, plain HTTP is vulnerable to
malicious routers that tamper with responses from GNU servers,
and this sort of thing is all too common when people in some other
countries browse US-based websites. See, for example:
Aceto G, Botta A, Pescapé A, Awan MF, Ahmad T, Qaisar
S. Analyzing internet censorship in Pakistan. RTSI
2016. https://dx.doi.org/10.1109/RTSI.2016.7740626
HTTPS is not a complete solution here, but it can be a significant
help. The GNU project regularly serves up code to users, so we should
take some care here.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -286,8 +286,8 @@ New in 1.14: compiler is an inferior one that doesn't grasp the combined use of both the "-c -o" options; see discussion about automake bug#13378 for more details: - <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13378#35> - <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13378#44> + <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=13378#35> + <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=13378#44> - The next major Automake version (2.0) will unconditionally activate the 'subdir-objects' option. In order to smooth out the transition, @@ -591,7 +591,7 @@ New in 1.13: - Support for the "Cygnus-style" trees (once enabled by the 'cygnus' option) has been removed. See discussion about automake bug#11034 - for more background: <http://debbugs.gnu.org/11034>. + for more background: <https://debbugs.gnu.org/11034>. - The deprecated aclocal option '--acdir' has been removed. You should use the options '--automake-acdir' and '--system-acdir' @@ -1562,7 +1562,7 @@ New in 1.11: - Automake development is done in a git repository on Savannah now, see - http://git.sv.gnu.org/gitweb/?p=automake.git + https://git.sv.gnu.org/gitweb/?p=automake.git A read-only CVS mirror is provided at @@ -3010,4 +3010,4 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with this program. If not, see <http://www.gnu.org/licenses/>. +along with this program. If not, see <https://www.gnu.org/licenses/>. |