From unknown Tue Aug 19 10:05:46 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#29046] [PATCH] gnu: linux-libre: Update to 4.13.10 and change URL to HTTPS. Resent-From: Rutger Helling Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 28 Oct 2017 21:16:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 29046 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 29046@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.150922533528338 (code B ref -1); Sat, 28 Oct 2017 21:16:01 +0000 Received: (at submit) by debbugs.gnu.org; 28 Oct 2017 21:15:35 +0000 Received: from localhost ([127.0.0.1]:39517 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8YS7-0007Mz-3F for submit@debbugs.gnu.org; Sat, 28 Oct 2017 17:15:35 -0400 Received: from eggs.gnu.org ([208.118.235.92]:56828) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8YS5-0007Mo-HC for submit@debbugs.gnu.org; Sat, 28 Oct 2017 17:15:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e8YRz-00025H-BQ for submit@debbugs.gnu.org; Sat, 28 Oct 2017 17:15:28 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, HTML_MESSAGE,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:50627) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e8YRz-00024y-80 for submit@debbugs.gnu.org; Sat, 28 Oct 2017 17:15:27 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:47792) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e8YRy-00056Y-48 for guix-patches@gnu.org; Sat, 28 Oct 2017 17:15:27 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e8YRu-0001xk-1O for guix-patches@gnu.org; Sat, 28 Oct 2017 17:15:26 -0400 Received: from mx.kolabnow.com ([95.128.36.40]:42982) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e8YRt-0001tw-JL for guix-patches@gnu.org; Sat, 28 Oct 2017 17:15:21 -0400 Received: from localhost (unknown [127.0.0.1]) by ext-mx-out001.mykolab.com (Postfix) with ESMTP id 13DCB1B5 for ; Sat, 28 Oct 2017 23:15:19 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mykolab.com; h= message-id:subject:subject:from:from:date:date:content-type :content-type:mime-version:received:received:received; s= dkim20160331; t=1509225316; x=1509225338; bh=qsAIyoZwOE8bwPKSEZE VduczosXK9zswWp1UZ0WlirA=; b=aAoRe72Gg868mL3v0gD3KWSVXKFgMyE0Sc9 p164XHJlFQpIVrpWQ3m40dcMFTyKfRzuK/O5uQNpVnVOYsbiBnkv/dSUJTv6jOqr cCmZyLc4sTJ36i20rwsudE0pVPYdzM/FnThp6dgNW7Oo3sHQVggDDsPMsdGMOUHZ q7UYhHWHdndO8BgCHvWBd7ykTKVDqrB8NH6U4aQyDqv4LM8Y8WcN8Xy1BaZSzQZs /hR8W0UnUacemEhOlzlniKHIpReFkmyCZE7GbXHzszZ9v3Z4qdqgll7sP791/Twa LBEbprLSoOISDxvLeGO8SwNEmiETBQBFxic+ux4+C3ax8iE6T1RWDW2aYP1Cf1xf 4Y//d9skP371FvUKpacbfmuKrhRTuQvFxc2Nse4E4etsiZG0cEhC1FKMmfTBs60l aBH21dsNUyYd787PFR3M4iZuVr5Bp8VxLL8ncYkzpit/kiUcolINMCElzPRwQbym Hjwb8OeP6Lbd0vAPilADjXFa/gbgcqyulRlMtoJz4B9dgXrwXqURENdlFqokhAey 1XmMX0oQYKhk/uvGZf7vr/rabTL2v7gxGNy4BBmvP90uHirPXEsNPHyZagRlqD2Y a6dPnuuwwAJcBjky9y0t2TdgZ5QDYdXImbtxnmURO6Kt2uf3uH2TunGXmUVkdOD6 tIPSLh3Q= X-Virus-Scanned: amavisd-new at mykolab.com Received: from mx.kolabnow.com ([127.0.0.1]) by localhost (ext-mx-out001.mykolab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8q79AEp4pZnV for ; Sat, 28 Oct 2017 23:15:16 +0200 (CEST) Received: from int-mx001.mykolab.com (unknown [10.9.13.1]) by ext-mx-out001.mykolab.com (Postfix) with ESMTPS id BDC6F18E for ; Sat, 28 Oct 2017 23:15:16 +0200 (CEST) Received: from int-subm002.mykolab.com (unknown [10.9.37.2]) by int-mx001.mykolab.com (Postfix) with ESMTPS id 9FD8C156 for ; Sat, 28 Oct 2017 23:15:16 +0200 (CEST) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_c83bcf77e9717a1bd90b70d20b5d996d" Date: Sat, 28 Oct 2017 23:15:16 +0200 From: Rutger Helling Message-ID: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> X-Sender: rhelling@mykolab.com X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) --=_c83bcf77e9717a1bd90b70d20b5d996d Content-Type: multipart/alternative; boundary="=_109ef615bfe269aafbf5a876d8b87923" --=_109ef615bfe269aafbf5a876d8b87923 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Hey Guix, here's a patch to update linux-libre and change the URL to HTTPS. --=_109ef615bfe269aafbf5a876d8b87923 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8

Hey Guix,

here's a patch to update linux-libre and change the URL to HTTPS.

--=_109ef615bfe269aafbf5a876d8b87923-- --=_c83bcf77e9717a1bd90b70d20b5d996d Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name=0001-gnu-linux-libre-Update-to-4.13.10-and-change-URL-to-.patch Content-Disposition: attachment; filename=0001-gnu-linux-libre-Update-to-4.13.10-and-change-URL-to-.patch; size=1505 RnJvbSAzZmFhNDkzYTYwNzkwN2Q2ZmI1NzFlNmMwZTNlYjM5MWFmN2E1YWVjIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBSdXRnZXIgSGVsbGluZyA8cmhlbGxpbmdAbXlrb2xhYi5jb20+ CkRhdGU6IFNhdCwgMjggT2N0IDIwMTcgMjI6MzY6MTYgKzAyMDAKU3ViamVjdDogW1BBVENIXSBn bnU6IGxpbnV4LWxpYnJlOiBVcGRhdGUgdG8gNC4xMy4xMCBhbmQgY2hhbmdlIFVSTCB0byBIVFRQ Uy4KCiogZ251L3BhY2thZ2VzL2xpbnV4LnNjbSAobGludXgtbGlicmUpOiBVcGRhdGUgdG8gNC4x My4xMCBhbmQgY2hhbmdlIFVSTCB0byBIVFRQUy4KLS0tCiBnbnUvcGFja2FnZXMvbGludXguc2Nt IHwgNiArKystLS0KIDEgZmlsZSBjaGFuZ2VkLCAzIGluc2VydGlvbnMoKyksIDMgZGVsZXRpb25z KC0pCgpkaWZmIC0tZ2l0IGEvZ251L3BhY2thZ2VzL2xpbnV4LnNjbSBiL2dudS9wYWNrYWdlcy9s aW51eC5zY20KaW5kZXggNDk2NjVlMjRkLi44MzFjMjY4ODQgMTAwNjQ0Ci0tLSBhL2dudS9wYWNr YWdlcy9saW51eC5zY20KKysrIGIvZ251L3BhY2thZ2VzL2xpbnV4LnNjbQpAQCAtMTQwLDcgKzE0 MCw3IEBAIGRlZmNvbmZpZy4gIFJldHVybiB0aGUgYXBwcm9waWF0ZSBtYWtlIHRhcmdldCBpZiBh cHBsaWNhYmxlLCBvdGhlcndpc2UgcmV0dXJuCiAoZGVmaW5lIChsaW51eC1saWJyZS11cmxzIHZl cnNpb24pCiAgICJSZXR1cm4gYSBsaXN0IG9mIFVSTHMgZm9yIExpbnV4LUxpYnJlIFZFUlNJT04u IgogICAobGlzdCAoc3RyaW5nLWFwcGVuZAotICAgICAgICAgImh0dHA6Ly9saW51eC1saWJyZS5m c2ZsYS5vcmcvcHViL2xpbnV4LWxpYnJlL3JlbGVhc2VzLyIKKyAgICAgICAgICJodHRwczovL2xp bnV4LWxpYnJlLmZzZmxhLm9yZy9wdWIvbGludXgtbGlicmUvcmVsZWFzZXMvIgogICAgICAgICAg dmVyc2lvbiAiLWdudS9saW51eC1saWJyZS0iIHZlcnNpb24gIi1nbnUudGFyLnh6IikKIAogICAg ICAgICA7OyBYWFg6IFdvcmsgYXJvdW5kIDxodHRwOi8vYnVncy5nbnUub3JnLzE0ODUxPi4KQEAg LTM2OCw4ICszNjgsOCBAQCBJdCBoYXMgYmVlbiBtb2RpZmllZCB0byByZW1vdmUgYWxsIG5vbi1m cmVlIGJpbmFyeSBibG9icy4iKQogCiAoZGVmaW5lICVpbnRlbC1jb21wYXRpYmxlLXN5c3RlbXMg JygieDg2XzY0LWxpbnV4IiAiaTY4Ni1saW51eCIpKQogCi0oZGVmaW5lICVsaW51eC1saWJyZS12 ZXJzaW9uICI0LjEzLjkiKQotKGRlZmluZSAlbGludXgtbGlicmUtaGFzaCAiMXltc2R2bTRkamg3 aGcyd21uMnYxMXczODBpMHNzOW5rcDRzbGZyZ2loZHZuNnlwNWdidiIpCisoZGVmaW5lICVsaW51 eC1saWJyZS12ZXJzaW9uICI0LjEzLjEwIikKKyhkZWZpbmUgJWxpbnV4LWxpYnJlLWhhc2ggIjB5 MXA1YjFyeHBicjNhcHZxcXY1ODlxd3pmeXpqcGRyenlzZmo0aDE3czBrNGd5NmM1cDgiKQogCiAo ZGVmaW5lLXB1YmxpYyBsaW51eC1saWJyZQogICAobWFrZS1saW51eC1saWJyZSAlbGludXgtbGli cmUtdmVyc2lvbgotLSAKMi4xNC4zCgo= --=_c83bcf77e9717a1bd90b70d20b5d996d-- From unknown Tue Aug 19 10:05:46 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS. References: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> In-Reply-To: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> Resent-From: Rutger Helling Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 30 Oct 2017 07:07:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 29046 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 29046@debbugs.gnu.org Received: via spool by 29046-submit@debbugs.gnu.org id=B29046.150934721030556 (code B ref 29046); Mon, 30 Oct 2017 07:07:02 +0000 Received: (at 29046) by debbugs.gnu.org; 30 Oct 2017 07:06:50 +0000 Received: from localhost ([127.0.0.1]:41243 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e949q-0007wm-9d for submit@debbugs.gnu.org; Mon, 30 Oct 2017 03:06:50 -0400 Received: from mx.kolabnow.com ([95.128.36.42]:22326) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e949o-0007wY-7v for 29046@debbugs.gnu.org; Mon, 30 Oct 2017 03:06:48 -0400 Received: from localhost (unknown [127.0.0.1]) by ext-mx-out002.mykolab.com (Postfix) with ESMTP id 32D601E7 for <29046@debbugs.gnu.org>; Mon, 30 Oct 2017 08:06:42 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mykolab.com; h= message-id:subject:subject:from:from:date:date:content-type :content-type:mime-version:received:received:received; s= dkim20160331; t=1509347200; x=1509347222; bh=x50+A9MrEFOjVZ6i7Ud JLucGlpvBY76JAMZiWkYKmDQ=; b=ZoHXazf03wZO/CheG+dyesjfJWT3CZ6TkV4 PC5Xts952yYWhvU6S2ZlFddtCB23yCxWREXMpTXcYdTRyTTMurthKiW0UGU5lN/z PRNf11ZsxKRubXdMFR7xO7c31+/8TrvXYNZDxtlMKwh/Zz9TDbro2DgoGcUD1fj3 YmNqhxtloEs9XFGx4N4V2bHNfAcJ0HOKR3Tyy8y8HoOCsB1G8EpObp+9wWqymIxq kCBJrrLKhMuLxp+xZjVlWpxy1NXPZD+W4c66Tf2IGdU+LyLo6QN+tx7lfKbf+sXR GRVH/uIOatMOS1XiUiRYB3ZnFXeW7KWSzshBBYofMxVLpqE16d9wQccrvCs1feqj odSBTNHZgvzmyQi+hC3U7gOsGOLmceOXZEWGf3DG2Hylz3EMe6aXo2AbmZ76WFrz IJ7CeqtIC8VSs5+mbDlQqfkr3voelOZDJ74Fs+yY4dtG2xA81V2hVCfFn+j92bns hMHxZU7cyNoWcSNLRmR26d8IlqLwTEFMAs2N+mhdZ6WRTCYdBkwWMRwiEtPeZUq4 WX1EIvWaZt/PFjIDH6eW0f3cgOWpxzi+9nJov4Fu76o7rcqQGTWmDzWQpnLUtPqJ XriRwLSGpG9NLYLx73IHWmm/0+0dCplFMkQFjW9pV8Yo1r7lIf+aim2bRsMZ/DzV 7Cn70xPk= X-Virus-Scanned: amavisd-new at mykolab.com Received: from mx.kolabnow.com ([127.0.0.1]) by localhost (ext-mx-out002.mykolab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uMLjkskQuySE for <29046@debbugs.gnu.org>; Mon, 30 Oct 2017 08:06:40 +0100 (CET) Received: from int-mx002.mykolab.com (unknown [10.9.13.2]) by ext-mx-out002.mykolab.com (Postfix) with ESMTPS id 9DBAA19E for <29046@debbugs.gnu.org>; Mon, 30 Oct 2017 08:06:40 +0100 (CET) Received: from int-subm001.mykolab.com (unknown [10.9.37.1]) by int-mx002.mykolab.com (Postfix) with ESMTPS id 7FAB32383 for <29046@debbugs.gnu.org>; Mon, 30 Oct 2017 08:06:40 +0100 (CET) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_095545d0cdf29fc409ab11d19cc511cd" Date: Mon, 30 Oct 2017 08:06:39 +0100 From: Rutger Helling Message-ID: <30a6703bf921961424f93af098f2ec8f@mykolab.com> X-Sender: rhelling@mykolab.com X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) --=_095545d0cdf29fc409ab11d19cc511cd Content-Type: multipart/alternative; boundary="=_f6909c4512b03cf76f99b1d7ced77b58" --=_f6909c4512b03cf76f99b1d7ced77b58 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII I noticed linux-libre had already been updated, so this new patch only changes the URL to HTTPS. --=_f6909c4512b03cf76f99b1d7ced77b58 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8

I noticed linux-libre had already been updated, so this new patch only c= hanges the URL to HTTPS.

--=_f6909c4512b03cf76f99b1d7ced77b58-- --=_095545d0cdf29fc409ab11d19cc511cd Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name=0001-gnu-linux-libre-Change-URL-to-HTTPS.patch Content-Disposition: attachment; filename=0001-gnu-linux-libre-Change-URL-to-HTTPS.patch; size=985 RnJvbSBiNjhhMmM2MzAyNTgzMjQ2MjhhN2VmMzQwMDVmZjFkNzkwYTNhMTM5IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBSdXRnZXIgSGVsbGluZyA8cmhlbGxpbmdAbXlrb2xhYi5jb20+ CkRhdGU6IE1vbiwgMzAgT2N0IDIwMTcgMDg6MDI6MTAgKzAxMDAKU3ViamVjdDogW1BBVENIXSBn bnU6IGxpbnV4LWxpYnJlOiBDaGFuZ2UgVVJMIHRvIEhUVFBTLgoKKiBnbnUvcGFja2FnZXMvbGlu dXguc2NtIChsaW51eC1saWJyZSk6IENoYW5nZSBVUkwgdG8gSFRUUFMuCi0tLQogZ251L3BhY2th Z2VzL2xpbnV4LnNjbSB8IDIgKy0KIDEgZmlsZSBjaGFuZ2VkLCAxIGluc2VydGlvbigrKSwgMSBk ZWxldGlvbigtKQoKZGlmZiAtLWdpdCBhL2dudS9wYWNrYWdlcy9saW51eC5zY20gYi9nbnUvcGFj a2FnZXMvbGludXguc2NtCmluZGV4IDhhODE3ZGYzNC4uNjMxNWI2NzRjIDEwMDY0NAotLS0gYS9n bnUvcGFja2FnZXMvbGludXguc2NtCisrKyBiL2dudS9wYWNrYWdlcy9saW51eC5zY20KQEAgLTE0 MCw3ICsxNDAsNyBAQCBkZWZjb25maWcuICBSZXR1cm4gdGhlIGFwcHJvcGlhdGUgbWFrZSB0YXJn ZXQgaWYgYXBwbGljYWJsZSwgb3RoZXJ3aXNlIHJldHVybgogKGRlZmluZSAobGludXgtbGlicmUt dXJscyB2ZXJzaW9uKQogICAiUmV0dXJuIGEgbGlzdCBvZiBVUkxzIGZvciBMaW51eC1MaWJyZSBW RVJTSU9OLiIKICAgKGxpc3QgKHN0cmluZy1hcHBlbmQKLSAgICAgICAgICJodHRwOi8vbGludXgt bGlicmUuZnNmbGEub3JnL3B1Yi9saW51eC1saWJyZS9yZWxlYXNlcy8iCisgICAgICAgICAiaHR0 cHM6Ly9saW51eC1saWJyZS5mc2ZsYS5vcmcvcHViL2xpbnV4LWxpYnJlL3JlbGVhc2VzLyIKICAg ICAgICAgIHZlcnNpb24gIi1nbnUvbGludXgtbGlicmUtIiB2ZXJzaW9uICItZ251LnRhci54eiIp CiAKICAgICAgICAgOzsgWFhYOiBXb3JrIGFyb3VuZCA8aHR0cDovL2J1Z3MuZ251Lm9yZy8xNDg1 MT4uCi0tIAoyLjE0LjMKCg== --=_095545d0cdf29fc409ab11d19cc511cd-- From unknown Tue Aug 19 10:05:46 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 30 Oct 2017 14:45:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 29046 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Rutger Helling Cc: 29046@debbugs.gnu.org, "Mark H. Weaver" Received: via spool by 29046-submit@debbugs.gnu.org id=B29046.15093746505175 (code B ref 29046); Mon, 30 Oct 2017 14:45:01 +0000 Received: (at 29046) by debbugs.gnu.org; 30 Oct 2017 14:44:10 +0000 Received: from localhost ([127.0.0.1]:42348 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9BIQ-0001LO-JD for submit@debbugs.gnu.org; Mon, 30 Oct 2017 10:44:10 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:36779) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9BIP-0001LI-Kc for 29046@debbugs.gnu.org; Mon, 30 Oct 2017 10:44:09 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 7ABFD207D7; Mon, 30 Oct 2017 10:44:09 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Mon, 30 Oct 2017 10:44:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= mesmtp; bh=aJXB+cDibQWbFuvPA85ZQOKVbY5XdAFqNcojhl0hX7I=; b=aUOLk Uly2KKLckcjLe0HwuQaID0k8O2Kca0yQJlWm6JhrJEroBRTrn5XH+l9//WeEjYG9 /sG5vNI8tJYEKyD/v2yFi5O70qceNrBrHG6mkLkGnseYQfeh0Nl9EgY0X3GcXMCt WIfklPGZzyST5OUOmboToJmp9mQtYFL9tB+fwc= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=aJXB+cDibQWbFuvPA85ZQOKVbY5Xd AFqNcojhl0hX7I=; b=alfWy0x6JrjP8X5q9Pzi1DwvCFeY+SKV7eoVwDJMPo43b Tt49vcO5QXQhcp5fNh8q3E7cRa32QTqqLwLYNU78EUDeNmnCMbmSfwlLRaUgvIbV rK2t1TOQaoqlmA/dLwqt9iHMX5NWz5HamxTXe/5VxNJQNLbDld9weO9aLMUYGgM5 aaj7LfZLRkKNj0jyaqtFONFYFbPpQ130KMS+EWbfXzZRXe03NqNMVs2ja/ny/gJa LhTVuTVxoNHEEH2LybfWurss99iZqSHJNEM+rNAcchS3Y+unp5rJBP1HAUsL65XH o5fM2KM/px7ZwdL++ufbeGofLDvkNe+7HGGCmRDkA== X-ME-Sender: Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 0DD8F241D9; Mon, 30 Oct 2017 10:44:09 -0400 (EDT) Date: Mon, 30 Oct 2017 10:44:08 -0400 From: Leo Famulari Message-ID: <20171030144408.GB27298@jasmine.lan> References: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> <30a6703bf921961424f93af098f2ec8f@mykolab.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="8P1HSweYDcXXzwPJ" Content-Disposition: inline In-Reply-To: <30a6703bf921961424f93af098f2ec8f@mykolab.com> User-Agent: Mutt/1.9.1 (2017-09-22) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --8P1HSweYDcXXzwPJ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 30, 2017 at 08:06:39AM +0100, Rutger Helling wrote: > I noticed linux-libre had already been updated, so this new patch only > changes the URL to HTTPS. > From b68a2c630258324628a7ef34005ff1d790a3a139 Mon Sep 17 00:00:00 2001 > From: Rutger Helling > Date: Mon, 30 Oct 2017 08:02:10 +0100 > Subject: [PATCH] gnu: linux-libre: Change URL to HTTPS. >=20 > * gnu/packages/linux.scm (linux-libre): Change URL to HTTPS. Hi! Thanks for paying attention to the linux-libre packages. I'm copying Mark on this email, since he typically handles the linux-libre packages. Mark, what do you think of this change? --8P1HSweYDcXXzwPJ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAln3OrgACgkQJkb6MLrK fwguWRAAuXj+d4ENjRHdGZVUohD6pg5g02eVnI0EhkoYeJHNOKXTNZhPN9DJ4KbG J8NpqaHX1PZfv1xGibnYZfFnv+XMMe2ZRlAwBrRxliy9VmypIWy3JHFpBARrzC5J nr3Peow1vQA/XYKbxDJP29dvk54EO//DkxVEqICCHzn0AYUqSQq4kzk24ka/07cX IoYPbpm87odKfbQ/lVebLHCpE5m+sGKslRuJkYl/zgkBo4BM5Ded0uVX+4Pu1jnm zmagNeszGkVCGSVuuUJMGC7z+TrMBt4OZJ8ijlzcT0nh6/F5wcvGSk7qyHZqIq1Q GhzuV0Ej2K8DcYwTnhfnT29S76q8lPzKwO82fpcMZG876mLsjgpLJP/nasPDNU9E Nt5XhaN4BgPsdw0EdK6mIL6vJfygZfKTZdTvniaSRCijKAY6/lxVs4gBmDgXrPOW H6nA1WDj5mamFckd9nxeWUBzFHmD/QKC3S1TbsHclpVp4KD4rKi7PH7ROL9Yzia5 77stTB8MpRXtROE6msRdsE2sebDBMk+7to/6aM7/n9zQn/aPnl0EIpKNKOnvxB9r i7QXBJRoYPldMNWMI769qTDR5Sp3vJuezT0BRpJ/bTYTTG1gowf5H0W8pHA6R2UO ZB+qmWmlD00a7gaFlX+xdV9iq4bx+ymj0jpABJgfHXuReVQzyU0= =1oii -----END PGP SIGNATURE----- --8P1HSweYDcXXzwPJ-- From unknown Tue Aug 19 10:05:46 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS. Resent-From: Mark H Weaver Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 30 Oct 2017 19:15:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 29046 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Leo Famulari Cc: 29046@debbugs.gnu.org, Rutger Helling Received: via spool by 29046-submit@debbugs.gnu.org id=B29046.150939089414225 (code B ref 29046); Mon, 30 Oct 2017 19:15:01 +0000 Received: (at 29046) by debbugs.gnu.org; 30 Oct 2017 19:14:54 +0000 Received: from localhost ([127.0.0.1]:42643 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9FWP-0003hN-M8 for submit@debbugs.gnu.org; Mon, 30 Oct 2017 15:14:53 -0400 Received: from world.peace.net ([50.252.239.5]:56051) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9FWL-0003h5-Hp for 29046@debbugs.gnu.org; Mon, 30 Oct 2017 15:14:51 -0400 Received: from pool-72-93-32-242.bstnma.east.verizon.net ([72.93.32.242] helo=jojen) by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1e9FW6-0007Wx-L3; Mon, 30 Oct 2017 15:14:34 -0400 From: Mark H Weaver References: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> <30a6703bf921961424f93af098f2ec8f@mykolab.com> <20171030144408.GB27298@jasmine.lan> Date: Mon, 30 Oct 2017 15:14:10 -0400 In-Reply-To: <20171030144408.GB27298@jasmine.lan> (Leo Famulari's message of "Mon, 30 Oct 2017 10:44:08 -0400") Message-ID: <87po94cut9.fsf@netris.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Hi Leo, Leo Famulari writes: > On Mon, Oct 30, 2017 at 08:06:39AM +0100, Rutger Helling wrote: >> I noticed linux-libre had already been updated, so this new patch only >> changes the URL to HTTPS. > >> From b68a2c630258324628a7ef34005ff1d790a3a139 Mon Sep 17 00:00:00 2001 >> From: Rutger Helling >> Date: Mon, 30 Oct 2017 08:02:10 +0100 >> Subject: [PATCH] gnu: linux-libre: Change URL to HTTPS. >> >> * gnu/packages/linux.scm (linux-libre): Change URL to HTTPS. > > Hi! Thanks for paying attention to the linux-libre packages. > > I'm copying Mark on this email, since he typically handles the > linux-libre packages. Mark, what do you think of this change? Thanks for bringing this to my attention. I'm not strongly opposed to it, but in general, I'm not sure I understand the rationale for changing source URLs to use HTTPS. We already verify the authenticity of the downloaded file by SHA256 hash, and verify the GPG signature when updating to a new version. Both of these are far stronger than HTTPS, which in practice can be subverted by compromising *any* certificate authority listed in our trust database (in Mozilla NSS). HTTPS also fails to hide from an evesdropper which file was downloaded, because in practice that can be determined by the amount of data transferred. So, unless I'm mistaken, HTTPS doesn't provide any benefit to us here. On the other hand, using HTTPS entails using more complex code to download the files, which exposes a much larger attack surface that might be exploited to compromise our systems. Many security flaws have been uncovered in TLS libraries over the years. Using HTTPS also adds more load on the server. In summary, I'm mildly opposed to this change, but if I've made a mistake in my reasoning here, or if other people feel strongly, I'm okay either way. What do you think? Mark From unknown Tue Aug 19 10:05:46 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 31 Oct 2017 02:23:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 29046 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Mark H Weaver Cc: 29046@debbugs.gnu.org, Rutger Helling Received: via spool by 29046-submit@debbugs.gnu.org id=B29046.150941654411884 (code B ref 29046); Tue, 31 Oct 2017 02:23:02 +0000 Received: (at 29046) by debbugs.gnu.org; 31 Oct 2017 02:22:24 +0000 Received: from localhost ([127.0.0.1]:43013 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9MC7-00035b-Os for submit@debbugs.gnu.org; Mon, 30 Oct 2017 22:22:23 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:34191) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9MC5-00035S-3H for 29046@debbugs.gnu.org; Mon, 30 Oct 2017 22:22:22 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 27AB520DD9; Mon, 30 Oct 2017 22:22:20 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Mon, 30 Oct 2017 22:22:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= mesmtp; bh=xNJiZ7pn47n/848yj0qTcFbptgbvFn3CVQRkaAYrwPI=; b=TccVY SnvipYdof/7phrQ4CTITDE6cRTV7jBNjfc3IKSjYKqh/gmS0kbsulV+xah7YN5lI PF7La6vX8dOE+mYcSVd43x4g1scyikBkcBQNONPK0MCT9ik3PuSHi2ABbxKbx5gV EKByxChpjK/raMcKZPAiustqoEHkeY8nonL3Hw= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=xNJiZ7pn47n/848yj0qTcFbptgbvF n3CVQRkaAYrwPI=; b=XrHaYLtyTxeCMpGL9aSgUx2/OLL0iyrSRvnWtuhP2Z/Bh 0w534E9YHYfXneRE3jbUHd9Huh0y7flhSkAxZ3XAldtngGvXwWltLV+eKg5u+/2g 6Z3K4qtdpRPnjCb4fozCt4cLL/VLO/4QSHekMlnowqFQDcCJ+XOfA4P8TqR2m2Pq muQBTEWC0jcy72wCf88XcQmNCruQ/TPX/S10KJOobgIulfQWucAD2iXo+6pU6uFz mJqIN1EbTBUTjh4U02vMTdSYjBSrtsrtfySXWEdwyoo2rMvntljl8WVggOmI/On/ kh+Y0fmvZx47OoQ5dw2J1PbXx7A79MWyD9JhcxNlw== X-ME-Sender: Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id D264D241D9; Mon, 30 Oct 2017 22:22:19 -0400 (EDT) Date: Mon, 30 Oct 2017 22:22:14 -0400 From: Leo Famulari Message-ID: <20171031022214.GA21447@jasmine.lan> References: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> <30a6703bf921961424f93af098f2ec8f@mykolab.com> <20171030144408.GB27298@jasmine.lan> <87po94cut9.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="envbJBWh7q8WU6mo" Content-Disposition: inline In-Reply-To: <87po94cut9.fsf@netris.org> User-Agent: Mutt/1.9.1 (2017-09-22) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 30, 2017 at 03:14:10PM -0400, Mark H Weaver wrote: > I'm not strongly opposed to it, but in general, I'm not sure I > understand the rationale for changing source URLs to use HTTPS. We > already verify the authenticity of the downloaded file by SHA256 hash, > and verify the GPG signature when updating to a new version. Both of > these are far stronger than HTTPS, which in practice can be subverted by > compromising *any* certificate authority listed in our trust database > (in Mozilla NSS). > > HTTPS also fails to hide from an evesdropper which file was downloaded, > because in practice that can be determined by the amount of data > transferred. >=20 > So, unless I'm mistaken, HTTPS doesn't provide any benefit to us here. > On the other hand, using HTTPS entails using more complex code to > download the files, which exposes a much larger attack surface that > might be exploited to compromise our systems. Many security flaws have > been uncovered in TLS libraries over the years. Using HTTPS also adds > more load on the server. >=20 > In summary, I'm mildly opposed to this change, but if I've made a > mistake in my reasoning here, or if other people feel strongly, I'm okay > either way. >=20 > What do you think? I think I'm more bullish on the TLS X.509 PKI than you but I basically agree with your points. We wouldn't gain anything with regards to the integrity of the downloaded files and the HTTPS client software is probably more complex than for unauthenticated HTTP. It's true that, in this case, an active attacker could probably learn which file you are downloading. But using TLS would foil passive surveillance, which is probably widespread. If I understand correctly we don't actually verify certificates when downloading sources while building because we verify the integrity of the files via the SHA256 hash, out of band. If we did verify the certificates, I would argue that using TLS is an improvement here because it could reduce the feasibility of exploits of the download client and SHA256 verifier by MITM attackers. Examples of this type of attack would be (hypothetical) exploits of CVE-2017-13089 and CVE-2017-13090, recently fixed in wget. IIUC, those bugs in the wget client could be exploited by any MITM attacker; using TLS to ensure the client is talking to the right server would help. As it is, an attacker with knowledge of how Guix works could easily circumvent TLS in this sort of scenario, since we don't verify the certificates. Besides, as you mentioned previously, the TLS client brings its own bugs. Because I think that using HTTPS here reduces the effectiveness of totally passive surveillance, I'm in favor of the change. What do you think? And anyone else? --envbJBWh7q8WU6mo Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAln33lMACgkQJkb6MLrK fwiniQ/9EId0LhxupCaqSpjWLwTGA0D+kDkbmB5ft0/NDauMj6XfEJcmTA6ZDm3X p2Gup3s3D6i9/qhMHBa4Z16hFvEx7HdK6h3AoRxsxE6L3LnVa49EZrohMZJLsLzi w+BRV6zRYspWMNqfQeKeMqzlwuWrf128MUeGkKxIJ08tMh0x417fe4HGQYt+48al LLCvr73S7U/yU2OirXYWl7fLJHNBW7znXQtx0JSVzdMwrlXnVtSEc/AkbOfI7jNf KB5fctVatfKgchY8FVEV/Iiqu1x6msuuBEp68iiS1x961V7FO7WN9YNKNyTPEYzN xC16qzNT9uepgJc5x9aTahicLSdzSO+1yn4lpcsSYquCWxasI74xGm1OzLWhG4+F Ngw8fI20M7FyQbD9Xj6CRfZ9fKuGMcIHn82svJBcBwJh0PckW9m24JYhScYM/7JL HkOsuGORwgfxUnvwlgsuwQRqbFpDf6Adk/VpTgG7Veelxqkl2omxS0zKBqpLPlZW VV5m1RvH8njmltN6nZeAB0Mt2L4MKZWepFKcRStZt3Ngzh8ToeLyI/KiF7hNTEXX QNvxIziowGf9zJxV0tnbS+pBdWDh7aI5BxHfYNWwnChkeXhYiYpvGAWRWgn1a3es 6hOoqI6TeyGpv7utxmsTDpzbv1cBp4yesDjLyMMfoR3af2cqzWU= =3UA6 -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo-- From unknown Tue Aug 19 10:05:46 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 07 Nov 2017 16:27:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 29046 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Leo Famulari Cc: 29046@debbugs.gnu.org, Mark H Weaver , Rutger Helling Received: via spool by 29046-submit@debbugs.gnu.org id=B29046.151007198422303 (code B ref 29046); Tue, 07 Nov 2017 16:27:01 +0000 Received: (at 29046) by debbugs.gnu.org; 7 Nov 2017 16:26:24 +0000 Received: from localhost ([127.0.0.1]:56768 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eC6hk-0005nf-4J for submit@debbugs.gnu.org; Tue, 07 Nov 2017 11:26:24 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:38443) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eC6hi-0005nX-JS for 29046@debbugs.gnu.org; Tue, 07 Nov 2017 11:26:23 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 1E06AF765; Tue, 7 Nov 2017 17:26:23 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dKBYTuHA-G8Z; Tue, 7 Nov 2017 17:26:22 +0100 (CET) Received: from ribbon (unknown [193.50.110.150]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 0E610F6BE; Tue, 7 Nov 2017 17:26:22 +0100 (CET) From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> <30a6703bf921961424f93af098f2ec8f@mykolab.com> <20171030144408.GB27298@jasmine.lan> <87po94cut9.fsf@netris.org> <20171031022214.GA21447@jasmine.lan> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 17 Brumaire an 226 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 07 Nov 2017 17:26:20 +0100 In-Reply-To: <20171031022214.GA21447@jasmine.lan> (Leo Famulari's message of "Mon, 30 Oct 2017 22:22:14 -0400") Message-ID: <87zi7y5a37.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Hi, Replying to an old message=E2=80=A6 Leo Famulari skribis: > On Mon, Oct 30, 2017 at 03:14:10PM -0400, Mark H Weaver wrote: >> I'm not strongly opposed to it, but in general, I'm not sure I >> understand the rationale for changing source URLs to use HTTPS. We >> already verify the authenticity of the downloaded file by SHA256 hash, >> and verify the GPG signature when updating to a new version. Both of >> these are far stronger than HTTPS, which in practice can be subverted by >> compromising *any* certificate authority listed in our trust database >> (in Mozilla NSS). >> >> HTTPS also fails to hide from an evesdropper which file was downloaded, >> because in practice that can be determined by the amount of data >> transferred. >>=20 >> So, unless I'm mistaken, HTTPS doesn't provide any benefit to us here. >> On the other hand, using HTTPS entails using more complex code to >> download the files, which exposes a much larger attack surface that >> might be exploited to compromise our systems. Many security flaws have >> been uncovered in TLS libraries over the years. Using HTTPS also adds >> more load on the server. >>=20 >> In summary, I'm mildly opposed to this change, but if I've made a >> mistake in my reasoning here, or if other people feel strongly, I'm okay >> either way. >>=20 >> What do you think? I very much sympathize with everything you wrote. Regarding eavesdropping (which to me is the main reason to change to HTTPS in this context), the =E2=80=9Cbicycle attack=E2=80=9D kinda confirms that HTTPS is= not so good at protecting from eavesdropping: . However, it remains a relatively elaborate attack: I can trivially see what you are getting over HTTP, and I would have to target you and be fairly determined to analyze your HTTPS traffic. So overall, I still think that HTTPS improves privacy, even if we must be aware of its limitation. > It's true that, in this case, an active attacker could probably learn > which file you are downloading. But using TLS would foil passive > surveillance, which is probably widespread. +1 > If I understand correctly we don't actually verify certificates when > downloading sources while building because we verify the integrity of > the files via the SHA256 hash, out of band. Right. > If we did verify the certificates, I would argue that using TLS is an > improvement here because it could reduce the feasibility of exploits of > the download client and SHA256 verifier by MITM attackers. Examples of > this type of attack would be (hypothetical) exploits of CVE-2017-13089 > and CVE-2017-13090, recently fixed in wget. IIUC, those bugs in the wget > client could be exploited by any MITM attacker; using TLS to ensure the > client is talking to the right server would help. > > As it is, an attacker with knowledge of how Guix works could easily > circumvent TLS in this sort of scenario, since we don't verify the > certificates. Besides, as you mentioned previously, the TLS client > brings its own bugs. Yeah. > Because I think that using HTTPS here reduces the effectiveness of > totally passive surveillance, I'm in favor of the change. What do you > think? And anyone else? I=E2=80=99m in favor of it as well. Thanks, Ludo=E2=80=99. From unknown Tue Aug 19 10:05:46 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS. Resent-From: Mark H Weaver Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 07 Nov 2017 19:06:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 29046 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Cc: 29046@debbugs.gnu.org, Rutger Helling , Leo Famulari Received: via spool by 29046-submit@debbugs.gnu.org id=B29046.151008155920641 (code B ref 29046); Tue, 07 Nov 2017 19:06:02 +0000 Received: (at 29046) by debbugs.gnu.org; 7 Nov 2017 19:05:59 +0000 Received: from localhost ([127.0.0.1]:56982 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eC9CB-0005Mr-5W for submit@debbugs.gnu.org; Tue, 07 Nov 2017 14:05:59 -0500 Received: from world.peace.net ([50.252.239.5]:47939) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eC9C8-0005Md-Pc for 29046@debbugs.gnu.org; Tue, 07 Nov 2017 14:05:57 -0500 Received: from pool-72-93-31-230.bstnma.east.verizon.net ([72.93.31.230] helo=jojen) by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1eC9C1-0001CS-3D; Tue, 07 Nov 2017 14:05:49 -0500 From: Mark H Weaver References: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> <30a6703bf921961424f93af098f2ec8f@mykolab.com> <20171030144408.GB27298@jasmine.lan> <87po94cut9.fsf@netris.org> <20171031022214.GA21447@jasmine.lan> <87zi7y5a37.fsf@gnu.org> Date: Tue, 07 Nov 2017 14:05:24 -0500 In-Reply-To: <87zi7y5a37.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Tue, 07 Nov 2017 17:26:20 +0100") Message-ID: <87tvy5gb9n.fsf@netris.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Hi, ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Leo Famulari skribis: > >> On Mon, Oct 30, 2017 at 03:14:10PM -0400, Mark H Weaver wrote: >>> I'm not strongly opposed to it, but in general, I'm not sure I >>> understand the rationale for changing source URLs to use HTTPS. We >>> already verify the authenticity of the downloaded file by SHA256 hash, >>> and verify the GPG signature when updating to a new version. Both of >>> these are far stronger than HTTPS, which in practice can be subverted by >>> compromising *any* certificate authority listed in our trust database >>> (in Mozilla NSS). >>> >>> HTTPS also fails to hide from an evesdropper which file was downloaded, >>> because in practice that can be determined by the amount of data >>> transferred. >>>=20 >>> So, unless I'm mistaken, HTTPS doesn't provide any benefit to us here. >>> On the other hand, using HTTPS entails using more complex code to >>> download the files, which exposes a much larger attack surface that >>> might be exploited to compromise our systems. Many security flaws have >>> been uncovered in TLS libraries over the years. Using HTTPS also adds >>> more load on the server. >>>=20 >>> In summary, I'm mildly opposed to this change, but if I've made a >>> mistake in my reasoning here, or if other people feel strongly, I'm okay >>> either way. >>>=20 >>> What do you think? > > I very much sympathize with everything you wrote. Regarding > eavesdropping (which to me is the main reason to change to HTTPS in this > context), the =E2=80=9Cbicycle attack=E2=80=9D kinda confirms that HTTPS = is not so good > at protecting from eavesdropping: . > > However, it remains a relatively elaborate attack: I can trivially see > what you are getting over HTTP, and I would have to target you and be > fairly determined to analyze your HTTPS traffic. So overall, I still > think that HTTPS improves privacy, even if we must be aware of its > limitation. > >> It's true that, in this case, an active attacker could probably learn >> which file you are downloading. But using TLS would foil passive >> surveillance, which is probably widespread. > > +1 Is an active attack needed to determine which file we are downloading from linux-libre.fsfla.org? I think not. The IP address of that host reverse resolves to "linux-libre.fsfla.org", which makes it obvious. The title of the paper Ludovic cited above makes the point: I Know Why You Went to the Clinic or in this case: I know why you downloaded 97 megabytes from linux-libre.fsfla.org. Unless I'm mistaken, using TLS does *not* foil passive surveillance for source downloads in the overwhelming majority of cases, and especially not in this case. Even at web sites that serve a larger variety of software, determining what was downloaded by the amount of data transferred does not require an active attack. Anyway, having said this, if using HTTPS for linux-libre downloads makes you sleep better at night, I'm okay with it. Regards, Mark From unknown Tue Aug 19 10:05:46 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 07 Nov 2017 21:13:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 29046 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Mark H Weaver Cc: 29046@debbugs.gnu.org, Rutger Helling , Leo Famulari Received: via spool by 29046-submit@debbugs.gnu.org id=B29046.151008915732708 (code B ref 29046); Tue, 07 Nov 2017 21:13:01 +0000 Received: (at 29046) by debbugs.gnu.org; 7 Nov 2017 21:12:37 +0000 Received: from localhost ([127.0.0.1]:57145 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eCBAj-0008VT-E9 for submit@debbugs.gnu.org; Tue, 07 Nov 2017 16:12:37 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:39147) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eCBAh-0008VL-IU for 29046@debbugs.gnu.org; Tue, 07 Nov 2017 16:12:36 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 4AEF2F78D; Tue, 7 Nov 2017 22:12:36 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id clbkNkt-xVKx; Tue, 7 Nov 2017 22:12:34 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 30FCDF78B; Tue, 7 Nov 2017 22:12:34 +0100 (CET) From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> <30a6703bf921961424f93af098f2ec8f@mykolab.com> <20171030144408.GB27298@jasmine.lan> <87po94cut9.fsf@netris.org> <20171031022214.GA21447@jasmine.lan> <87zi7y5a37.fsf@gnu.org> <87tvy5gb9n.fsf@netris.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 17 Brumaire an 226 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 07 Nov 2017 22:12:31 +0100 In-Reply-To: <87tvy5gb9n.fsf@netris.org> (Mark H. Weaver's message of "Tue, 07 Nov 2017 14:05:24 -0500") Message-ID: <87y3nhyerk.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Mark H Weaver skribis: > Is an active attack needed to determine which file we are downloading > from linux-libre.fsfla.org? I think not. The IP address of that host > reverse resolves to "linux-libre.fsfla.org", which makes it obvious. > The title of the paper Ludovic cited above makes the point: > > I Know Why You Went to the Clinic > > or in this case: > > I know why you downloaded 97 megabytes from linux-libre.fsfla.org. > > Unless I'm mistaken, using TLS does *not* foil passive surveillance for > source downloads in the overwhelming majority of cases, and especially > not in this case. Even at web sites that serve a larger variety of > software, determining what was downloaded by the amount of data > transferred does not require an active attack. You=E2=80=99re right, though it=E2=80=99s already more work for github.com = (11% of our packages) or PyPI (17% of our packages). This discussion is also interesting in the context of , where one of the options discussed would be to favor content-addressable mirrors over upstream sites. Ludo=E2=80=99. From unknown Tue Aug 19 10:05:46 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Rutger Helling Subject: bug#29046: closed (Re: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS.) Message-ID: References: <20171112204804.GC10629@jasmine.lan> <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> X-Gnu-PR-Message: they-closed 29046 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 29046@debbugs.gnu.org Date: Sun, 12 Nov 2017 20:49:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1510519742-31269-1" This is a multi-part message in MIME format... ------------=_1510519742-31269-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #29046: [PATCH] gnu: linux-libre: Update to 4.13.10 and change URL to HTTPS. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 29046@debbugs.gnu.org. --=20 29046: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D29046 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1510519742-31269-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 29046-done) by debbugs.gnu.org; 12 Nov 2017 20:48:08 +0000 Received: from localhost ([127.0.0.1]:37246 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eDzAl-00087J-Pi for submit@debbugs.gnu.org; Sun, 12 Nov 2017 15:48:07 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:57201) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eDzAk-00087B-2m for 29046-done@debbugs.gnu.org; Sun, 12 Nov 2017 15:48:06 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id DC3BF20AFE; Sun, 12 Nov 2017 15:48:05 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Sun, 12 Nov 2017 15:48:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= mesmtp; bh=B2+ubsz20NR/xky7hf3bj814nkfZNxFKhvrnUWd+YpQ=; b=oZrJE au2YjrCQ3Vg80/b/0gvDNvo28MCeXxdOvxsqgkdLSRC3X/CD4f0Wckus2kVzLRb6 ucZY8zO/8sCbjqFOJEUeEO/5me9+vsc3XLffeJiF/hc9nIFnJLB8tUD40OkFQhsI HGJxRCDGvrtVRenRMQSMmr7Pms7iHxp8Cz4NFU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=B2+ubsz20NR/xky7hf3bj814nkfZN xFKhvrnUWd+YpQ=; b=Mg5uOFKsK1pFh8K2TRFnLSYrYXmIrk5TolTaw54pNbaP2 ME9Vi7brEWbIv5gkfk6GCWo1kC6NZJdcU9mqnFwxt+RUBiHAZ51J6oTRDkOjB9/G fxa4ec236qvtSlK4GGEWRD/aDxFYH46BvknkgtGKM9E29dZosocjEHCbjSramICB vFEcJugOXbtPwtUjnbityoktacvPLN3kbKppgI1mJbR0hQdrQJsdjuM7JmMXjlKk GlVPMcKKqPnTjXjKXSEqgqwRwkpApsu/GtkFuQAAq0quJhKwaKe22diLMYvtimmx 5B6mHwekNH9K1peCk9Cz12IDwFr8wZ88hgXCFeT9g== X-ME-Sender: Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id A427F24136; Sun, 12 Nov 2017 15:48:05 -0500 (EST) Date: Sun, 12 Nov 2017 15:48:04 -0500 From: Leo Famulari To: Mark H Weaver Subject: Re: [bug#29046] [PATCH] gnu: linux-libre: Change URL to HTTPS. Message-ID: <20171112204804.GC10629@jasmine.lan> References: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> <30a6703bf921961424f93af098f2ec8f@mykolab.com> <20171030144408.GB27298@jasmine.lan> <87po94cut9.fsf@netris.org> <20171031022214.GA21447@jasmine.lan> <87zi7y5a37.fsf@gnu.org> <87tvy5gb9n.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="pAwQNkOnpTn9IO2O" Content-Disposition: inline In-Reply-To: <87tvy5gb9n.fsf@netris.org> User-Agent: Mutt/1.9.1 (2017-09-22) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 29046-done Cc: 29046-done@debbugs.gnu.org, Ludovic =?iso-8859-1?Q?Court=E8s?= , Rutger Helling X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --pAwQNkOnpTn9IO2O Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Nov 07, 2017 at 02:05:24PM -0500, Mark H Weaver wrote: > Is an active attack needed to determine which file we are downloading > from linux-libre.fsfla.org? I think not. The IP address of that host > reverse resolves to "linux-libre.fsfla.org", which makes it obvious. > The title of the paper Ludovic cited above makes the point: I should clarify that by "active attacker" I mean someone who is doing anything beyond simply recording the traffic. So, if they are making lists of file sizes of different kernel tarballs, or keeping a database of which sites you visited, keyed by your IP / identity, that's "active". > Anyway, having said this, if using HTTPS for linux-libre downloads makes > you sleep better at night, I'm okay with it. It doesn't affect my rest, but I assume you are speaking metaphorically. So, I pushed the change as 8420c7a3565b6a984cdd95336f66d555edc87d90. Thanks Rutger! --pAwQNkOnpTn9IO2O Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAloIs4QACgkQJkb6MLrK fwj+ixAAvcd2jm28DStdBTMVP20uvjcyeRJrp/qeTk/shGb15RUzD45TGNw6j8W0 WPVCf/LYnLWsFj9Kjk0SGCvTqYG/H4BPCaSlzkWmOOxDv30jT3OkOMw66YiAf3jc 5TsCAnCdDqj5BeqzfieHDdf/CikG7AxiJbgXHQWGM5bLZZyhkES2jF9bhNaqO5rJ 76knduwMOGMVTk0B1s4PW5/5dDVD69UybpyHVPJKOaWWHWdMl5WgTwy46z2MfYn/ nO4eccLPAECpn0MOb7gTWbUkeuItZytst3zDeQHof7sEDmJMHWmpjotskYxfHHN0 ieJy96lTimKZSuytyA2grYXFSaLNlZ2MRvl8SA7A+ByIIyP/QKnBPGYoNJ+TTJp6 pMmD0CqgzwOM1fPrQ+Acah/v5vPZWSlCH5AMWv3EMJFDaEom6g+CPAG+s6GPkRKA yrzARQVW1sTW/yEesRu0gHt41hiK7eC75lDztqQSy/YBolHnxE7H9bCzsj98bEUh kLYOefnfXyrvxLz55l1ipSjJMnNIDk6mXHCVk4OKMg7pyyuOvhL8Sa+gqGfu+b1i h2sZtlIkd3hpfiRw//mhIaIEjfVWccHX5JxXOGo/YP5ofpp87kCARHt9q3+or6qk zGnBGFckVAsUpmoGYfhp4Z5D2lXO3oduDd7AnC2uMND6NNpM0Ig= =hmQe -----END PGP SIGNATURE----- --pAwQNkOnpTn9IO2O-- ------------=_1510519742-31269-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 28 Oct 2017 21:15:35 +0000 Received: from localhost ([127.0.0.1]:39517 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8YS7-0007Mz-3F for submit@debbugs.gnu.org; Sat, 28 Oct 2017 17:15:35 -0400 Received: from eggs.gnu.org ([208.118.235.92]:56828) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8YS5-0007Mo-HC for submit@debbugs.gnu.org; Sat, 28 Oct 2017 17:15:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e8YRz-00025H-BQ for submit@debbugs.gnu.org; Sat, 28 Oct 2017 17:15:28 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, HTML_MESSAGE,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:50627) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e8YRz-00024y-80 for submit@debbugs.gnu.org; Sat, 28 Oct 2017 17:15:27 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:47792) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e8YRy-00056Y-48 for guix-patches@gnu.org; Sat, 28 Oct 2017 17:15:27 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e8YRu-0001xk-1O for guix-patches@gnu.org; Sat, 28 Oct 2017 17:15:26 -0400 Received: from mx.kolabnow.com ([95.128.36.40]:42982) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e8YRt-0001tw-JL for guix-patches@gnu.org; Sat, 28 Oct 2017 17:15:21 -0400 Received: from localhost (unknown [127.0.0.1]) by ext-mx-out001.mykolab.com (Postfix) with ESMTP id 13DCB1B5 for ; Sat, 28 Oct 2017 23:15:19 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mykolab.com; h= message-id:subject:subject:from:from:date:date:content-type :content-type:mime-version:received:received:received; s= dkim20160331; t=1509225316; x=1509225338; bh=qsAIyoZwOE8bwPKSEZE VduczosXK9zswWp1UZ0WlirA=; b=aAoRe72Gg868mL3v0gD3KWSVXKFgMyE0Sc9 p164XHJlFQpIVrpWQ3m40dcMFTyKfRzuK/O5uQNpVnVOYsbiBnkv/dSUJTv6jOqr cCmZyLc4sTJ36i20rwsudE0pVPYdzM/FnThp6dgNW7Oo3sHQVggDDsPMsdGMOUHZ q7UYhHWHdndO8BgCHvWBd7ykTKVDqrB8NH6U4aQyDqv4LM8Y8WcN8Xy1BaZSzQZs /hR8W0UnUacemEhOlzlniKHIpReFkmyCZE7GbXHzszZ9v3Z4qdqgll7sP791/Twa LBEbprLSoOISDxvLeGO8SwNEmiETBQBFxic+ux4+C3ax8iE6T1RWDW2aYP1Cf1xf 4Y//d9skP371FvUKpacbfmuKrhRTuQvFxc2Nse4E4etsiZG0cEhC1FKMmfTBs60l aBH21dsNUyYd787PFR3M4iZuVr5Bp8VxLL8ncYkzpit/kiUcolINMCElzPRwQbym Hjwb8OeP6Lbd0vAPilADjXFa/gbgcqyulRlMtoJz4B9dgXrwXqURENdlFqokhAey 1XmMX0oQYKhk/uvGZf7vr/rabTL2v7gxGNy4BBmvP90uHirPXEsNPHyZagRlqD2Y a6dPnuuwwAJcBjky9y0t2TdgZ5QDYdXImbtxnmURO6Kt2uf3uH2TunGXmUVkdOD6 tIPSLh3Q= X-Virus-Scanned: amavisd-new at mykolab.com Received: from mx.kolabnow.com ([127.0.0.1]) by localhost (ext-mx-out001.mykolab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8q79AEp4pZnV for ; Sat, 28 Oct 2017 23:15:16 +0200 (CEST) Received: from int-mx001.mykolab.com (unknown [10.9.13.1]) by ext-mx-out001.mykolab.com (Postfix) with ESMTPS id BDC6F18E for ; Sat, 28 Oct 2017 23:15:16 +0200 (CEST) Received: from int-subm002.mykolab.com (unknown [10.9.37.2]) by int-mx001.mykolab.com (Postfix) with ESMTPS id 9FD8C156 for ; Sat, 28 Oct 2017 23:15:16 +0200 (CEST) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_c83bcf77e9717a1bd90b70d20b5d996d" Date: Sat, 28 Oct 2017 23:15:16 +0200 From: Rutger Helling To: guix-patches@gnu.org Subject: [PATCH] gnu: linux-libre: Update to 4.13.10 and change URL to HTTPS. Message-ID: <70ee5da890c2fe609d54af4a3e1f18df@mykolab.com> X-Sender: rhelling@mykolab.com X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) --=_c83bcf77e9717a1bd90b70d20b5d996d Content-Type: multipart/alternative; boundary="=_109ef615bfe269aafbf5a876d8b87923" --=_109ef615bfe269aafbf5a876d8b87923 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Hey Guix, here's a patch to update linux-libre and change the URL to HTTPS. --=_109ef615bfe269aafbf5a876d8b87923 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8

Hey Guix,

here's a patch to update linux-libre and change the URL to HTTPS.

--=_109ef615bfe269aafbf5a876d8b87923-- --=_c83bcf77e9717a1bd90b70d20b5d996d Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name=0001-gnu-linux-libre-Update-to-4.13.10-and-change-URL-to-.patch Content-Disposition: attachment; filename=0001-gnu-linux-libre-Update-to-4.13.10-and-change-URL-to-.patch; size=1505 RnJvbSAzZmFhNDkzYTYwNzkwN2Q2ZmI1NzFlNmMwZTNlYjM5MWFmN2E1YWVjIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBSdXRnZXIgSGVsbGluZyA8cmhlbGxpbmdAbXlrb2xhYi5jb20+ CkRhdGU6IFNhdCwgMjggT2N0IDIwMTcgMjI6MzY6MTYgKzAyMDAKU3ViamVjdDogW1BBVENIXSBn bnU6IGxpbnV4LWxpYnJlOiBVcGRhdGUgdG8gNC4xMy4xMCBhbmQgY2hhbmdlIFVSTCB0byBIVFRQ Uy4KCiogZ251L3BhY2thZ2VzL2xpbnV4LnNjbSAobGludXgtbGlicmUpOiBVcGRhdGUgdG8gNC4x My4xMCBhbmQgY2hhbmdlIFVSTCB0byBIVFRQUy4KLS0tCiBnbnUvcGFja2FnZXMvbGludXguc2Nt IHwgNiArKystLS0KIDEgZmlsZSBjaGFuZ2VkLCAzIGluc2VydGlvbnMoKyksIDMgZGVsZXRpb25z KC0pCgpkaWZmIC0tZ2l0IGEvZ251L3BhY2thZ2VzL2xpbnV4LnNjbSBiL2dudS9wYWNrYWdlcy9s aW51eC5zY20KaW5kZXggNDk2NjVlMjRkLi44MzFjMjY4ODQgMTAwNjQ0Ci0tLSBhL2dudS9wYWNr YWdlcy9saW51eC5zY20KKysrIGIvZ251L3BhY2thZ2VzL2xpbnV4LnNjbQpAQCAtMTQwLDcgKzE0 MCw3IEBAIGRlZmNvbmZpZy4gIFJldHVybiB0aGUgYXBwcm9waWF0ZSBtYWtlIHRhcmdldCBpZiBh cHBsaWNhYmxlLCBvdGhlcndpc2UgcmV0dXJuCiAoZGVmaW5lIChsaW51eC1saWJyZS11cmxzIHZl cnNpb24pCiAgICJSZXR1cm4gYSBsaXN0IG9mIFVSTHMgZm9yIExpbnV4LUxpYnJlIFZFUlNJT04u IgogICAobGlzdCAoc3RyaW5nLWFwcGVuZAotICAgICAgICAgImh0dHA6Ly9saW51eC1saWJyZS5m c2ZsYS5vcmcvcHViL2xpbnV4LWxpYnJlL3JlbGVhc2VzLyIKKyAgICAgICAgICJodHRwczovL2xp bnV4LWxpYnJlLmZzZmxhLm9yZy9wdWIvbGludXgtbGlicmUvcmVsZWFzZXMvIgogICAgICAgICAg dmVyc2lvbiAiLWdudS9saW51eC1saWJyZS0iIHZlcnNpb24gIi1nbnUudGFyLnh6IikKIAogICAg ICAgICA7OyBYWFg6IFdvcmsgYXJvdW5kIDxodHRwOi8vYnVncy5nbnUub3JnLzE0ODUxPi4KQEAg LTM2OCw4ICszNjgsOCBAQCBJdCBoYXMgYmVlbiBtb2RpZmllZCB0byByZW1vdmUgYWxsIG5vbi1m cmVlIGJpbmFyeSBibG9icy4iKQogCiAoZGVmaW5lICVpbnRlbC1jb21wYXRpYmxlLXN5c3RlbXMg JygieDg2XzY0LWxpbnV4IiAiaTY4Ni1saW51eCIpKQogCi0oZGVmaW5lICVsaW51eC1saWJyZS12 ZXJzaW9uICI0LjEzLjkiKQotKGRlZmluZSAlbGludXgtbGlicmUtaGFzaCAiMXltc2R2bTRkamg3 aGcyd21uMnYxMXczODBpMHNzOW5rcDRzbGZyZ2loZHZuNnlwNWdidiIpCisoZGVmaW5lICVsaW51 eC1saWJyZS12ZXJzaW9uICI0LjEzLjEwIikKKyhkZWZpbmUgJWxpbnV4LWxpYnJlLWhhc2ggIjB5 MXA1YjFyeHBicjNhcHZxcXY1ODlxd3pmeXpqcGRyenlzZmo0aDE3czBrNGd5NmM1cDgiKQogCiAo ZGVmaW5lLXB1YmxpYyBsaW51eC1saWJyZQogICAobWFrZS1saW51eC1saWJyZSAlbGludXgtbGli cmUtdmVyc2lvbgotLSAKMi4xNC4zCgo= --=_c83bcf77e9717a1bd90b70d20b5d996d-- ------------=_1510519742-31269-1--