commit: 737838e212d9e59feb700e651a6236711cc8d368 Author: Michał Górny <mgorny <AT> gentoo <DOT> org> AuthorDate: Sat Aug 19 08:04:13 2017 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Fri Aug 25 13:51:54 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=737838e2
git-r3.eclass: Update docs to discourage unsafe protocols eclass/git-r3.eclass | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass index bc7d4d92029..a0aa004caa2 100644 --- a/eclass/git-r3.eclass +++ b/eclass/git-r3.eclass @@ -105,18 +105,22 @@ fi # @ECLASS-VARIABLE: EGIT_REPO_URI # @REQUIRED # @DESCRIPTION: -# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs -# are provided, the eclass will consider them as fallback URIs to try -# if the first URI does not work. For supported URI syntaxes, read up -# the manpage for git-clone(1). +# URIs to the repository, e.g. https://foo. If multiple URIs are +# provided, the eclass will consider the remaining URIs as fallbacks +# to try if the first URI does not work. For supported URI syntaxes, +# read the manpage for git-clone(1). # -# It can be overriden via env using ${PN}_LIVE_REPO variable. +# URIs should be using https:// whenever possible. http:// and git:// +# URIs are completely unsecured and their use (even if only as +# a fallback) renders the ebuild completely vulnerable to MITM attacks. +# +# It can be overridden via env using ${PN}_LIVE_REPO variable. # # Can be a whitespace-separated list or an array. # # Example: # @CODE -# EGIT_REPO_URI="git://a/b.git https://c/d.git"; +# EGIT_REPO_URI="https://a/b.git https://c/d.git"; # @CODE # @ECLASS-VARIABLE: EVCS_OFFLINE
