[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#849514: lintian: Add homepage-uses-insecure-uri tag (HTTP uri in Homepage field)



Emanuel Bronshtein wrote...

> 
> Homepage field can point to HTTP uri, for example (from: https://sources.debian.net/src/libreoffice/1:5.2.4-2/debian/control/?hl=191#L191):
> 	Homepage: http://www.libreoffice.org
> while HTTPS is available for the domain: https://www.libreoffice.org

Eh, I was just about to suggest the same. I would however rather ship a
list of hosts that are known to offer the service on https, too. For
those the message would be "warning". For anything else it was rather a
carefully worded recommendation as in "please check whether that host
is accessible using https, too", and severity "pedantic".

And there are more places here lintian could check for such URLs: The
DEP-3 header in debian/patches/, most notably Bug-Debian:, and the
format description in dep-5 debian/copyright. I am not going to open
bugs for these particular cases, two mostly identical ones should
be enough.

    Christoph

Attachment: signature.asc
Description: Digital signature


Reply to: