From nobody Thu Feb 15 14:55:03 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TbJ570ZMpz5467g for ; Thu, 15 Feb 2024 14:55:07 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TbJ5666Fnz4JKm for ; Thu, 15 Feb 2024 14:55:06 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; none Received: by mail-io1-xd2f.google.com with SMTP id ca18e2360f4ac-7c4359c5d33so34801439f.1 for ; Thu, 15 Feb 2024 06:55:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1708008905; x=1708613705; darn=freebsd.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=byQ9YHgVa5zpxNbKPTZU0lbyEdYDsjV1usNQccpTCAg=; b=EtKNAVaVDJ9hFdKWRTqEcacB4VsH1AlRn3wok2rwC7UONaevFJO4TJPskqm6SeUG5W ySTy0o0zuypPnMgsBvpHo9cgSSGqxseKVmtMbzNohpYGKdngKa+UckNnwTjMR7uMmVoe 7ouhvWbZwOtzy/9AFNheNf298N2vLUhxX5/toRWyDErzLTdU90g3pqfhSrYEcQFABRnH PbtS8gPBOoQtGLbFAOikZhoZA603CDDt1iTu+ahhk1l+rGnyK3UuxZ9m3WOA3qcP6mVA ekXhwFyd6d5N98RGZm3p1sqZ0L8OyGu0hYGJhik/nQ2wrIGCua03Jq6OR6dfYbNOyAGX 02UQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708008905; x=1708613705; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=byQ9YHgVa5zpxNbKPTZU0lbyEdYDsjV1usNQccpTCAg=; b=KuO/Ctk4e/K7Q6lrMsAl+u2Rk9OZIdeX9R2ZeMbjK/6s9MN5/9ffUrM9j4Z5xr/OzI OTGHYdr8PBqHgxg55VRhfeOKkx24TKAiyQr+HHYsYgl8O2SagauTWEs1/pa6vOmG2W2x gFiabp2XxtQ3pMEIJ/ATr2HHNvZI1Og37SvjrWIm7U+zOHxKLEExvmOQG31aRqfYcKUy P978AlcYM+SGtozfUcwAn8e+jC7Iujsgoj5YZg63wi9XmGf2ZtzllAxOXAMln262dqEn CnDmEMKgwbtYlAtfppBYaGquqp9bokFa5dwAoMkqTVjQBAERGNilmzAGOq1n30Lm+SS1 O/Mw== X-Forwarded-Encrypted: i=1; AJvYcCVbVLZhcqDn5URjfaw5UXyP2bmKHpejw1kb1L5kkQbytc7FrV2V+Pbf1l0j84q1J+yvNEECtt5UNuw9YG7hjDL/RGKCYc1MQRtmWiG23hioJA== X-Gm-Message-State: AOJu0YzhlmGQjPDLKc08HTq2iHMcpqJk6i2RIRt+dkK+Myz3Pm30B3gh v89qcJUXROeqV6vzCmQ4ntOWyg1DCGsqRk+HwDfxk2hxzP39vnlgH5DTG+OQil0= X-Google-Smtp-Source: AGHT+IGR8jLttfRyLWQyfr4g4mUV+A14esEibBdABglU7Zw9r90WdvxJ3z7+h0DWhopf6ghMwxmGcA== X-Received: by 2002:a5e:9901:0:b0:7c4:7a26:60fd with SMTP id t1-20020a5e9901000000b007c47a2660fdmr2148715ioj.16.1708008905505; Thu, 15 Feb 2024 06:55:05 -0800 (PST) Received: from mutt-hbsd (174-24-72-211.clsp.qwest.net. [174.24.72.211]) by smtp.gmail.com with ESMTPSA id v27-20020a056602059b00b007c407999103sm350057iox.53.2024.02.15.06.55.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 06:55:04 -0800 (PST) Date: Thu, 15 Feb 2024 14:55:03 +0000 From: Shawn Webb To: Philip Paeps Cc: Ronald Klop , dev-commits-src-main@freebsd.org, src-committers@freebsd.org, dev-commits-src-all@freebsd.org Subject: Re: git: 9c59988175ff - main - bsdinstall: prefer HTTP Message-ID: X-Operating-System: FreeBSD mutt-hbsd 15.0-CURRENT-HBSD FreeBSD 15.0-CURRENT-HBSD X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: <901819076.6938.1708005969197@localhost> <7B54789B-90DD-4A85-8E2B-84E13DAE54B5@freebsd.org> <4A6EC239-4B9B-442C-ACFB-8F99A951630A@freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="evakntyqaitg5ijt" Content-Disposition: inline In-Reply-To: <4A6EC239-4B9B-442C-ACFB-8F99A951630A@freebsd.org> X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4TbJ5666Fnz4JKm X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated --evakntyqaitg5ijt Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 15, 2024 at 10:50:19PM +0800, Philip Paeps wrote: > On 2024-02-15 22:40:19 (+0800), Shawn Webb wrote: > > On Thu, Feb 15, 2024 at 10:28:53PM +0800, Philip Paeps wrote: > > > On 2024-02-15 22:06:09 (+0800), Ronald Klop wrote: > > > > Shouldn=E2=80=99t this be > > > >=20 > > > > https://download.freebsd.org/ > > >=20 > > > No. > > >=20 > > > For hysterical raisins, FTP sites conventionally put FreeBSD under > > > /pub/FreeBSD. HTTP mirrors (including http://ftp.FreeBSD.org) have > > > followed > > > that convention. > > >=20 > > > http://download.FreeBSD.org is a more recent addition, and it has > > > FreeBSD > > > under /, not under /pub/FreeBSD. We could teach nginx to put it > > > under > > > /pub/FreeBSD too, but spelling it ftp.FreeBSD.org was less work. > >=20 > > I'm curious to learn why you chose http:// rather than https://. >=20 > Because https:// only adds work. And work is heat. >=20 > bsdinstall uses the MANIFEST to confirm integrity. >=20 > If your bsdinstall and MANIFEST are from a trustworthy source, anything > downloaded over http:// will be trustworthy. Just as trustworthy, in fac= t, > as anything downloaded over ftp://. There is the problem of metadata leakage, which HTTPS helps to address (though not completely.) Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --evakntyqaitg5ijt Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmXOJbwACgkQ/y5nonf4 4fok6A//XmTNIc+pYhy2zWAAIHXGrdlqCENi+GI/IBTqXQDF4YtdPLw6TrjOBz15 jzWTt6mdrKpqDSJkFEU7z/ctr3LIOi5dMQ2+netXABjwQgg1we4Aq1M7IHgjEokA ug/0Vv0TuwKgAA956ImDN6ia1go+KNsUBg+DnkHiwgqSOxTHdJKLzdzhHJAJBZcP WI7kC5LTNUUfAqNQsnJt/RPu1beRpvB+SoxMXDsMyY9s6Ei8D119kIaSwWLughbK pqars+YxtAW5SULNpk8JNQzZrkZirlR2Rmvn2VVe4kV53KyIM7wvl1tGsbkfr2w2 x3+EDf2Xl5auFMEVXC2WX7lSL2S1A8wxjWynoP4oeflc+TdY1bUuvMdhvbL/qd6r dZmlBdvaz0POVKPv+w587nvk5eXnKuJj5L4a6t32kzDBsc3t/3vX9SV1W5WO2jxJ J0/YArMxHeZyPMkFRf8Vcpq1MvzZ1EPWR4vWsyvOt1e3J/UcAmxgjTV0dndyR9TJ wXEzqsOilEMMkgAVJdFhWvwIiw0GtkZaaj4wuoeATB6TYgDxPmYExcu0jP7xlVJv AB/rMZXsRqoA4JvrQcKyDLuo0HIuOugogAS3rQR8h220ZmGsYfKi+o4zGTIruUO+ Ux1uywAZpKm3n9cVnGVaySz7LsN0qw6T3KvSMef+5oa9Xp9ktFg= =wD1R -----END PGP SIGNATURE----- --evakntyqaitg5ijt--