author | Paul Eggert <eggert@cs.ucla.edu> | 2017-09-16 13:03:36 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2017-09-16 13:25:44 -0700 |
commit | 199e7a445040270fa5ef67623c56cde40d765199 (patch) | |
tree | 79d5ad3495469737e8eb56be09b2e32f09cc1fed /PLANS/obsolete-removed/am-prog-mkdir-p.txt | |
parent | f389ecb89acb7f51b6a9e8f41ebad3e45ac905a2 (diff) | |
download | automake-199e7a445040270fa5ef67623c56cde40d765199.tar.gz |
Prefer https: URLs

In Gnulib, Emacs, etc. we are changing ftp: and http: URLs to use
https:, to discourage man-in-the-middle attacks when downloading
software. The attached patch propagates these changes upstream to
Automake. This patch does not affect files that Automake is
downstream of, which I'll patch separately.

Although the resources are not secret, plain HTTP is vulnerable to
malicious routers that tamper with responses from GNU servers,
and this sort of thing is all too common when people in some other
countries browse US-based websites. See, for example:

Aceto G, Botta A, Pescapé A, Awan MF, Ahmad T, Qaisar
S. Analyzing internet censorship in Pakistan. RTSI
2016. https://dx.doi.org/10.1109/RTSI.2016.7740626

HTTPS is not a complete solution here, but it can be a significant
help. The GNU project regularly serves up code to users, so we should
take some care here.

Diffstat (limited to 'PLANS/obsolete-removed/am-prog-mkdir-p.txt')
-rw-r--r-- | PLANS/obsolete-removed/am-prog-mkdir-p.txt | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/PLANS/obsolete-removed/am-prog-mkdir-p.txt b/PLANS/obsolete-removed/am-prog-mkdir-p.txt index 3fe720e41..f2fd4c8d0 100644 --- a/PLANS/obsolete-removed/am-prog-mkdir-p.txt +++ b/PLANS/obsolete-removed/am-prog-mkdir-p.txt @@ -18,14 +18,14 @@ Automake 1.13 -- see commit 'v1.12-20-g8a1c64f'. Alas, it turned out the latest Gettext version at the time (0.18.1.1) was still using that macro: - <http://lists.gnu.org/archive/html/automake/2012-09/msg00010.html> + <https://lists.gnu.org/archive/html/automake/2012-09/msg00010.html> And since the maintenance of Gettext was stalled, I couldn't get a fix committed and released in time for the appearance of Automake 1.13: - <http://lists.gnu.org/archive/html/bug-gettext/2012-04/msg00018.html> - <http://lists.gnu.org/archive/html/bug-gettext/2012-06/msg00012.html> - <http://lists.gnu.org/archive/html/bug-gettext/2012-10/msg00001.html> + <https://lists.gnu.org/archive/html/bug-gettext/2012-04/msg00018.html> + <https://lists.gnu.org/archive/html/bug-gettext/2012-06/msg00012.html> + <https://lists.gnu.org/archive/html/bug-gettext/2012-10/msg00001.html> So, on strong advice by Jim Meyering, in commit 'v1.12.4-158-gdf23daf' I re-introduced AM_PROG_MKDIR_P in Automake (thanks to Jim for having @@ -51,7 +51,7 @@ calls), and of course, the pre-0.18.2 version of some of these files still contains occurrences of AM_PROG_MKDIR_P -- so Automake 1.13 errors out, and we lose. That already happened in practice: - <http://lists.gnu.org/archive/html/bug-grep/2013-01/msg00003.html> + <https://lists.gnu.org/archive/html/bug-grep/2013-01/msg00003.html> Moreover, while I might see it as not unreasonable to ask a developer using Automake 2.0 to also update Gettext to 1.18.2, that would not |
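
Review bot: the four list-archive links in the @@ -18,14 hunk and the bug-grep link in the @@ -51,7 hunk differ from the old lines only in the scheme, so please confirm before merging that each https://lists.gnu.org/archive/html/... path serves the same message as its http: counterpart, and say in the commit message how that was checked, since a mechanical substitution cannot show it. Separately, the trailing context of the @@ -51,7 hunk reads "update Gettext to 1.18.2" while the rest of the visible text refers to 0.18.1.1 and "pre-0.18.2"; that looks like a typo for 0.18.2 and is better fixed in a follow-up than folded into this URL-only change.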