Obtaining code over an insecure transport is a terrible idea for blatently obvious reasons. Even for non-executable data, insecure transports are considered deprecated.
Changes since v3: - Drop patch 4, which is an unrelated removal of unused code. - Do not fail with an error if one tries to build the I/O emulator, vTPM, or vTPM manager stubdomains and passes --enable-extfiles. The user may have provided alternate download URLs via environment variables. Changes since v2: - Drop patches 5 and 6, which changed links not used by automated tools. These patches are the least urgent and hardest to review. - Ensure that no links are broken, and fail with an error instead of trying to use links that *are* broken. Demi Marie Obenour (3): Use HTTPS for all xenbits.xen.org Git repos Build system: Replace git:// and http:// with https:// Automation and CI: Replace git:// and http:// with https:// Config.mk | 20 ++++++-------------- README | 4 ++-- automation/build/centos/CentOS-7.2.repo | 8 ++++---- automation/build/debian/stretch-llvm-8.list | 4 ++-- automation/build/debian/unstable-llvm-8.list | 4 ++-- automation/scripts/qemu-smoke-dom0-arm32.sh | 2 +- docs/misc/livepatch.pandoc | 2 +- docs/process/xen-release-management.pandoc | 2 +- scripts/get_maintainer.pl | 2 +- stubdom/configure | 18 +++++++++--------- stubdom/configure.ac | 18 +++++++++--------- tools/firmware/etherboot/Makefile | 6 +----- 12 files changed, 39 insertions(+), 51 deletions(-) -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab