From e3c916c6d7f2abe77c85e1bfa7f9a1810848f129 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 18 Mar 2019 23:10:40 +0000 Subject: [PATCH] debian/bin/abiupdate.py: Change default URLs to use https: scheme Since we don't use the Release and Packages files to verify the packages we download, it's worth using TLS to reduce the risk of a man-in-the-middle corrupting them. ftp.ports.debian.org and security.debian.org don't support TLS in general, so use deb.debian.org for the ports and security archives. --- debian/bin/abiupdate.py | 10 +++++----- debian/changelog | 1 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/debian/bin/abiupdate.py b/debian/bin/abiupdate.py index 74d43c6f6..635ff034e 100755 --- a/debian/bin/abiupdate.py +++ b/debian/bin/abiupdate.py @@ -13,11 +13,11 @@ from debian_linux.abi import Symbols from debian_linux.config import ConfigCoreDump from debian_linux.debian import Changelog, VersionLinux -default_url_base = "http://deb.debian.org/debian/" -default_url_base_incoming = "http://incoming.debian.org/debian-buildd/" -default_url_base_ports = "http://ftp.ports.debian.org/debian-ports/" -default_url_base_ports_incoming = "http://incoming.ports.debian.org/" -default_url_base_security = "http://security.debian.org/" +default_url_base = "https://deb.debian.org/debian/" +default_url_base_incoming = "https://incoming.debian.org/debian-buildd/" +default_url_base_ports = "https://deb.debian.org/debian-ports/" +default_url_base_ports_incoming = "https://incoming.ports.debian.org/" +default_url_base_security = "https://deb.debian.org/debian-security/" class url_debian_flat(object): diff --git a/debian/changelog b/debian/changelog index c11fafe62..24f82809d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ linux (4.19.28-3) UNRELEASED; urgency=medium * debian/bin/abiupdate.py: Automatically select the correct archive to fetch from + * debian/bin/abiupdate.py: Change default URLs to use https: scheme -- Ben Hutchings Mon, 18 Mar 2019 22:50:08 +0000