Re: http URLs should be updated to https

[Vincent Lefevre]

On 2022-05-08 17:51:30 +0200, Daniel Sahlberg wrote:
> Den fre 11 mars 2022 kl 12:10 skrev Vincent Lefevre  >:
> 
> > On 2022-03-11 10:29:12 +, Julian Foad wrote:
> > > Julian Foad wrote:
> > > > +1. Can you send a patch?
> > >
> > > By the way, the reason I ask if you would be willing, rather than "just
> > > quickly doing it" myself, is even a small "obvious" fix like this tends
> > > to require more than it initially looks like: checking if it's already
> > > done in head of trunk,
> >
> > This is what I'm looking at.
> >
> 
> Hi Vincent,
> 
> Did you get around to do anything about this? Even if you didn't complete
> it, maybe we can commit part of the job.
[...]

Hi Daniel,

Sorry for the late reply. I got busy for the past few months.
But I can now look at it.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: http URLs should be updated to https

[Daniel Sahlberg]

Den fre 11 mars 2022 kl 12:10 skrev Vincent Lefevre :

> On 2022-03-11 10:29:12 +, Julian Foad wrote:
> > Julian Foad wrote:
> > > +1. Can you send a patch?
> >
> > By the way, the reason I ask if you would be willing, rather than "just
> > quickly doing it" myself, is even a small "obvious" fix like this tends
> > to require more than it initially looks like: checking if it's already
> > done in head of trunk,
>
> This is what I'm looking at.
>

Hi Vincent,

Did you get around to do anything about this? Even if you didn't complete
it, maybe we can commit part of the job.

>
> > finding other similar places,
>
> I typically do a recursive grep to find the potential updates to be
> done.
>
> > deciding if any of them shouldn't be updated for whatever reason,
> > running the test suite, adjusting test results to match...
>
> Yes, this requires some time to do it well (I've already done such
> kinds of changes in another project), mainly for checking. I suppose
> that eveything the end user can see needs to be updated, but also
> for the readers of the source code, e.g. comments like
>
>   #  See http://subversion.apache.org for more information.
>
> I have a question for 2 kinds of files. I think that the URLs should
> be updated too in these files, but I need confirmation:
>   * The "CHANGES" file.
>

I think it is reasonable. There is also a link to subversion.tigris.org,
the old-old mailinglist. The message can probably be found in
lists.apache.org but it might take a bit of time to investigate exactly
what message was linked originally.


>   * The .po files. The advantage is that this would avoid the need of
> the update by the translators. A potential drawback is that the
> additional character might need to adjust the formatting, e.g. to
> fit on 80 columns where applicable (there aren't many concerned
> lines, so that I could report any such formatting issue).
>

This is probably also a good idea. 80-column overflows can be reported (and
potentially ignored if you don't want to get into it).

Kind regards,
Daniel

Re: http URLs should be updated to https

[Daniel Shahaf]

Vincent Lefevre wrote on Fri, Mar 11, 2022 at 12:09:59 +0100:
> On 2022-03-11 10:29:12 +, Julian Foad wrote:
> > Julian Foad wrote:
> > > +1. Can you send a patch?
> > 
> > By the way, the reason I ask if you would be willing, rather than "just
> > quickly doing it" myself, is even a small "obvious" fix like this tends
> > to require more than it initially looks like: checking if it's already
> > done in head of trunk,
> 
> This is what I'm looking at.
> 
> > finding other similar places,
> 
> I typically do a recursive grep to find the potential updates to be
> done.
> 
> > deciding if any of them shouldn't be updated for whatever reason,
> > running the test suite, adjusting test results to match...
> 
> Yes, this requires some time to do it well (I've already done such
> kinds of changes in another project), mainly for checking. I suppose
> that eveything the end user can see needs to be updated, but also
> for the readers of the source code, e.g. comments like
> 
>   #  See http://subversion.apache.org for more information.

+1

> I have a question for 2 kinds of files. I think that the URLs should
> be updated too in these files, but I need confirmation:
>   * The "CHANGES" file.

Most instances can be changed, yes, but some instances of "http://"; are
shorthand for "any http://* or https://*"; URL and should probably be
left alone.  And naturally, http://third-party.example.com/ stuff
shouldn't be changed unless the new value is verified to work.

>   * The .po files. The advantage is that this would avoid the need of
> the update by the translators. A potential drawback is that the
> additional character might need to adjust the formatting, e.g. to
> fit on 80 columns where applicable (there aren't many concerned
> lines, so that I could report any such formatting issue).

+1 and thank you.

Instead of reporting them, it might be easier for you to just leave the
entire msgid/msgstr pair untouched.  We could then generate a list of
the remaining issues by grepping again, and the translator would notice
the out-of-date message when they next update the translation.

Cheers,

Daniel

Re: http URLs should be updated to https

[Vincent Lefevre]

On 2022-03-11 10:29:12 +, Julian Foad wrote:
> Julian Foad wrote:
> > +1. Can you send a patch?
> 
> By the way, the reason I ask if you would be willing, rather than "just
> quickly doing it" myself, is even a small "obvious" fix like this tends
> to require more than it initially looks like: checking if it's already
> done in head of trunk,

This is what I'm looking at.

> finding other similar places,

I typically do a recursive grep to find the potential updates to be
done.

> deciding if any of them shouldn't be updated for whatever reason,
> running the test suite, adjusting test results to match...

Yes, this requires some time to do it well (I've already done such
kinds of changes in another project), mainly for checking. I suppose
that eveything the end user can see needs to be updated, but also
for the readers of the source code, e.g. comments like

  #  See http://subversion.apache.org for more information.

I have a question for 2 kinds of files. I think that the URLs should
be updated too in these files, but I need confirmation:
  * The "CHANGES" file.
  * The .po files. The advantage is that this would avoid the need of
the update by the translators. A potential drawback is that the
additional character might need to adjust the formatting, e.g. to
fit on 80 columns where applicable (there aren't many concerned
lines, so that I could report any such formatting issue).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: http URLs should be updated to https

[Julian Foad]

Julian Foad wrote:
> +1. Can you send a patch?

By the way, the reason I ask if you would be willing, rather than "just
quickly doing it" myself, is even a small "obvious" fix like this tends
to require more than it initially looks like: checking if it's already
done in head of trunk, finding other similar places, deciding if any of
them shouldn't be updated for whatever reason, running the test suite,
adjusting test results to match...

Re: http URLs should be updated to https

[Julian Foad]

+1. Can you send a patch?
- Julian

http URLs should be updated to https

[Vincent Lefevre]

When running "svn --help", I get:

[...]
For additional information, see http://subversion.apache.org/

This URL should be updated to https, and probably other instances
in the Subversion source.

http://svnbook.red-bean.com is also concerned.

Even though the websites automatically redirect to https, using
https URLs directly has at least 2 advantages:
  * this redirection is not always protected against man-in-the-middle
attacks;
  * using https would be a bit faster (by skipping the redirection).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)