Bug#865347: marked as done (libdvd-pkg: use https for the download)
Your message dated Mon, 06 Sep 2021 23:19:50 +0000
with message-id <E1mNNu2-000FXL-TQ@fasolo.debian.org>
and subject line Bug#865347: fixed in libdvd-pkg 1.4.3-1-1
has caused the Debian Bug report #865347,
regarding libdvd-pkg: use https for the download
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
865347: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865347
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libdvd-pkg: use https for the download
- From: Christoph Anton Mitterer <calestyo@scientia.net>
- Date: Tue, 20 Jun 2017 18:13:54 +0200
- Message-id: <149797523424.20695.9563499898669348305.reportbug@heisenberg.scientia.net>
Package: libdvd-pkg
Version: 1.4.0-1-2
Severity: wishlist
Hi.
The videolan servers support https, I suggest using this for the download.
While this doesn't help with security, it adds privacy for the download process.
Of course one needs to add some --ca-certificate= to wget, of course best would
be to only add the CA that videoland actually uses, currently USERTrust RSA Certification Authority.
And one would need to depend on ca-certificates.
You should perhaps also update the watchfile.
btw: In get-orig-source, why do you use uscan to download the current version if downloading fails with wget?
That should then anyway not be usable due to the missing SHA256sum file,... and it won't be deleted then either, so
the user may accidentally use that unverified code.
Cheers,
Chris.
--- End Message ---
--- Begin Message ---
Source: libdvd-pkg
Source-Version: 1.4.3-1-1
Done: Sebastian Ramacher <sramacher@debian.org>
We believe that the bug you reported is fixed in the latest version of
libdvd-pkg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 865347@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated libdvd-pkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 07 Sep 2021 00:48:16 +0200
Source: libdvd-pkg
Architecture: source
Version: 1.4.3-1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 865347 987343 989985
Changes:
libdvd-pkg (1.4.3-1-1) unstable; urgency=medium
.
* Team upload
.
[ Debian Janitor ]
* Drop custom source compression.
* Bump debhelper from old 9 to 12.
.
[ Marcos Fouces ]
* Add templates.pot file
.
[ Sebastian Ramacher ]
* debian/po/es.po: Add Spanish translation (Closes: 987343)
* New upstream release (Closes: #989985)
* libdvdcss/: Modernize packaging
* debian/control: Bump debhelper compat to 13
* debian/rules: Fix order of tar arguments
.
[ Hideki Yamane ]
* check with https
* use https for the download (Closes: #865347)
Checksums-Sha1:
3e2e44ee06335269f7eff120dece33e59b18d52a 1916 libdvd-pkg_1.4.3-1-1.dsc
ca18330023047e2362e05e37ae515d24e943001c 3940 libdvd-pkg_1.4.3-1.orig.tar.xz
b127fc2bf35e7f1ce1a6cbaba2ee8c332988fe10 14756 libdvd-pkg_1.4.3-1-1.debian.tar.xz
Checksums-Sha256:
93621debf1106e7fec3303d3449fe0e2de001ca2da7ceb18a8653859dbffa797 1916 libdvd-pkg_1.4.3-1-1.dsc
f6b3c31ec25a74c00a26747f2c33d3e3f4a5480808d284711a12c53f3aea877c 3940 libdvd-pkg_1.4.3-1.orig.tar.xz
a88b3382d14c756dc1c725ac3b54517705a5b773a41ed32f1b38045df97a99ba 14756 libdvd-pkg_1.4.3-1-1.debian.tar.xz
Files:
991a12a6078c46871accd22423ee036b 1916 contrib/utils optional libdvd-pkg_1.4.3-1-1.dsc
d9d0b098e8bae11c3bdc7f9db4c35564 3940 contrib/utils optional libdvd-pkg_1.4.3-1.orig.tar.xz
c021e5247fb07c8de9da23bbf9e424bb 14756 contrib/utils optional libdvd-pkg_1.4.3-1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAmE2m4UACgkQafL8UW6n
GZO0Yg/8Cj8K/CLTGS7bc0kKTCOoEXrVF2rsAdRN/Djm3UWDP2HSFXGS57qerLt2
oNsboCB9Jl4n1ubvOozAfwqmaFSR+gzIXFIZzcYDCAcyDhM0dkCwUXgxOPg889Be
Dl6icElRPxdu1yQ2boJF6OkpJRy9pFG2+GlySEPCMao/jYEmNQ2JlCGJSoVajg1E
voa2TFp8fA1oGtFpzd4IBZI9vS7JCh5YpAaAFH0CMJfhy3Hk81eCwaHXLMdt6Z5f
QdJ00WJ+iHfrrfA15U58WZ1ZHSaLJaaH4zV8NpYCHwMgN8e2eN0zo7DAqRMDmZTe
eOivDA7BmcS2A0ytFaAJL+8f601OQwncNj/sKuw9CdZK9L0b4hcN91hIvl5BiaPB
e855wt8yZ5DPJ3zZcpqReQhp2UyZZS1cjH15LeZ8izNQ/JTLWRBN91+3Y4cS7Bni
mIi/NedzlSMLWx2QDsx6EfKNDrlYmWz3vOP1OMJCtJrt7R6dqEzUKtOKcXYNXiY1
ACDE+8x0rT5JTWZlR6H9snUAiR/+HKt8ALsyI55ossJUmNSTRo0nrm0LPvZj5lVX
kLJN9Oya/rjvFI2HQdBEYWVtwHnR1TrvfjV1dCpPWyNplC0O3m7pPpx/qDJ2QFcL
nrcyA614Vxetg1BhUefu0KGqaPwnqoKrAa8uGkEzbsyYADc9/kM=
=a2Qg
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: