Re: HTTPS in DEP-5

2016-03-06 Thread Bas Wijnen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Mar 06, 2016 at 08:13:49PM +, Ben Hutchings wrote: > On Sun, 2016-03-06 at 19:19 +, Bas Wijnen wrote: > > On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: > > > > > > So, what we're going to do about it? I see the following

Re: HTTPS in DEP-5

2016-03-06 Thread Ben Hutchings
On Sun, 2016-03-06 at 19:19 +, Bas Wijnen wrote: > On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: > > > > So, what we're going to do about it? I see the following options: > > > > B) Fix the spec to allow the HTTPS URL; fix the HTTP-only consumers. > That.  Https is good for our

Re: HTTPS in DEP-5

2016-03-06 Thread Russ Allbery
Bas Wijnen writes: > On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: >> So, what we're going to do about it? I see the following options: >> B) Fix the spec to allow the HTTPS URL; fix the HTTP-only consumers. > That. Https is good for our users. Even if the

Re: HTTPS in DEP-5

2016-03-06 Thread Alexandre Detiste
Le dimanche 6 mars 2016, 19:19:35 Bas Wijnen a écrit : > That. Https is good for our users. Even if the effect of this change is very > minor, we should show them that it should be the default everywhere. > Having https://incoming.debian.org/ would be nice too. Alexandre

Re: HTTPS in DEP-5

2016-03-06 Thread Bas Wijnen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: > So, what we're going to do about it? I see the following options: > > B) Fix the spec to allow the HTTPS URL; fix the HTTP-only consumers. That. Https is good for our users. Even if the

Re: HTTPS in DEP-5

2016-03-06 Thread Geert Stappers
On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: > The machine-readable debian/copyright file specification says that > the Format field should contain: > > http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ > > These days www.debian.org supports HTTPS+HSTS (thanks,

HTTPS in DEP-5

2016-03-06 Thread Jakub Wilk
The machine-readable debian/copyright file specification says that the Format field should contain: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ These days www.debian.org supports HTTPS+HSTS (thanks, DSA!). Apparently this prompted some people to replace "http" with