On Tue, Feb 21, 2023 at 11:07:58AM +0100, Jan Beulich wrote:
> On 19.02.2023 03:46, Demi Marie Obenour wrote:
> > --- a/stubdom/configure
> > +++ b/stubdom/configure
> > @@ -3535,7 +3535,7 @@ if test "x$ZLIB_URL" = "x"; then :
> >     if test "x$extfiles" = "xy"; then :
> >    ZLIB_URL=\$\(XEN_EXTFILES_URL\)
> >  else
> > -  ZLIB_URL="http://www.zlib.net";
> > +  ZLIB_URL="https://www.zlib.net";
> >  fi
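Review bot: the description should say, for the `+  ZLIB_URL="https://www.zlib.net";` fallback line, that this is a transport change only. As the reply that follows points out, the URL no longer serves the version being fetched, so the expected outcome is a clean failure rather than a working download, and that is worth stating explicitly. The `extfiles` = `y` branch just above still expands to `$(XEN_EXTFILES_URL)`, which this hunk leaves untouched; please confirm that value is HTTPS as well, otherwise only one of the two branches is covered.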
> 
> In v3 you said that this URL can't be used anymore for the version we're
> trying to fetch (which I can confirm). Leaving aside the question of why
> stubdom was never updated in that regard, what use is it to update the URL
> (without even mentioning the aspect in the description) in such a case?
> (I haven't gone through any of the other URLs again, so there may well
> be more similar cases.)

Main advantage is that it will fail securely rather than downloading
whatever random code an MITM attacker put in there.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab

Attachment: signature.asc
Description: PGP signature
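
The "fail securely" behaviour discussed above, as an added example that is not part of the original thread or of Xen's build system: a download helper that refuses plaintext URLs before any network I/O and, going one step beyond the thread, accepts a file only if it matches a pinned SHA-256. The function names and the pinned-hash argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Xen code): fail-closed download helper.
# All function names here are hypothetical.

# Accept only https:// URLs; anything else is refused before any network I/O.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
    esac
}

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only if the file hashes to the pinned value.
verify_sha256() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# fetch_verified URL OUTFILE PINNED_SHA256
# Downloads to a temporary name and moves it into place only after the
# hash matches, so a failed or tampered download never leaves OUTFILE behind.
fetch_verified() {
    url=$1 out=$2 pin=$3
    require_https "$url" || return 1
    tmp="$out.part"
    # --proto/--proto-redir keep curl on HTTPS even if the server redirects.
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --output "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    if verify_sha256 "$tmp" "$pin"; then
        mv "$tmp" "$out"
    else
        echo "checksum mismatch for $url" >&2
        rm -f "$tmp"
        return 1
    fi
}
```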
