diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2017-09-16 13:03:36 -0700 |
|---|---|---|
| committer | Mathieu Lirzin <mthl@gnu.org> | 2017-09-19 13:10:44 +0200 |
| commit | 3562e384f43bbd9d48598904a82a792039f4ce33 (patch) | |
| tree | 0a45d82621c6ef569a78a80ff9deca518aeac56b /PLANS/subdir-objects.txt | |
| parent | 29408e8b1d6efec3a416a761742e5cceae381d19 (diff) | |
| download | automake-3562e384f43bbd9d48598904a82a792039f4ce33.tar.gz | |
Prefer https: URLs
In Gnulib, Emacs, etc. we are changing ftp: and http: URLs to use
https:, to discourage man-in-the-middle attacks when downloading
software. The attached patch propagates these changes upstream to
Automake. This patch does not affect files that Automake is
downstream of, which I'll patch separately.
Althouth the resources are not secret, plain HTTP is vulnerable to
malicious routers that tamper with responses from GNU servers,
and this sort of thing is all too common when people in some other
countries browse US-based websites. See, for example:
Aceto G, Botta A, Pescapé A, Awan MF, Ahmad T, Qaisar
S. Analyzing internet censorship in Pakistan. RTSI
2016. https://dx.doi.org/10.1109/RTSI.2016.7740626
HTTPS is not a complete solution here, but it can be a significant
help. The GNU project regularly serves up code to users, so we should
take some care here.
Diffstat (limited to 'PLANS/subdir-objects.txt')
| -rw-r--r-- | PLANS/subdir-objects.txt | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/PLANS/subdir-objects.txt b/PLANS/subdir-objects.txt index c849e338e..c6a046f52 100644 --- a/PLANS/subdir-objects.txt +++ b/PLANS/subdir-objects.txt @@ -3,7 +3,7 @@ Summary We want to make the behaviour currently enabled by the 'subdir-objects' the default one, and in fact the *only* one, in Automake 2.0. -See automake bug#13378: <http://debbugs.gnu.org/13378>. +See automake bug#13378: <https://debbugs.gnu.org/13378>. Details ------- @@ -29,8 +29,8 @@ DONE for automake 1.13.2 The bug spotted by Nick Bowler: - <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13378#35> - <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13378#44> + <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=13378#35> + <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=13378#44> and exposed in test case 't/ccnoco4.sh' has been fixed (see commit v1.13.1-56-g34001a9). The bug was due to the fact that Automake-generated @@ -53,7 +53,7 @@ for suggesting this). For automake 1.16 (*before* 2.0 can be released) ------------------------------------------------ -Submit the pending patch series that fixes http://debbugs.gnu.org/13928 +Submit the pending patch series that fixes https://debbugs.gnu.org/13928 For automake 2.0 ---------------- |