FS#52626 - [etckeeper] TLS available for the git source + stable commit hash
Attached to Project:
Community Packages
Opened by Levente Polyak (anthraxx) - Wednesday, 18 January 2017, 23:59 GMT
Last edited by Christian Hesse (eworm) - Sunday, 29 January 2017, 19:15 GMT
Opened by Levente Polyak (anthraxx) - Wednesday, 18 January 2017, 23:59 GMT
Last edited by Christian Hesse (eworm) - Sunday, 29 January 2017, 19:15 GMT
|
Details
Hey ho :)
1. It would be really great and appreciated if you could switch the source URL to a TLS protected one, available via: git+https://git.kitenet.net/git/etckeeper.git This protects the transport from a very simple MitM that offers new commits/tags that don't officially exist. 2. It would also be gorgeous if you can use a full git commit hash instead of a tag name, this adds the same value as non-git packages: It has a clear meaning about the current state/integrity. A tags can re republished, if pulled cleanly, without any notice. (a pkgver function can be handy for this, have a look at gdk-pixbuf2) Example: https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/gdk-pixbuf2 PS: If you find dealing with the commit hash annoying, heftig has a sweet script on our soyuz server: /usr/local/bin/gitpkg Thanks in advance and have a nice evening :] cheers, anthraxx |
This task depends upon
Closed by Christian Hesse (eworm)
Sunday, 29 January 2017, 19:15 GMT
Reason for closing: Implemented
Additional comments about closing: etckeeper 1.18.6-1
Sunday, 29 January 2017, 19:15 GMT
Reason for closing: Implemented
Additional comments about closing: etckeeper 1.18.6-1