Fabre

#1068714 packages.debian.org: Please make links to deb.debian.org use HTTPS instead of HTTP #1068714

Package:: www.debian.org

Source:: www.debian.org

Submitter:: Pierre-Elliott Bécue

Date:: 2025-03-28 19:33:01 UTC

Severity:: normal

Tags:

#1068714#5

Date:: 2024-04-09 15:25:26 UTC

From:

To:

Package: www.debian.org
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Hello,

In packages.debian.org, links pointing to the different source files
useful for a package are pointing to deb.debian.org via HTTP (not HTTPS)
links.

See https://packages.debian.org/bookworm/python3-pep517, which points
for [pep517_0.13.0-2.debian.tar.xz] to
http://deb.debian.org/debian/pool/main/p/pep517/pep517_0.13.0-2.debian.tar.xz

In these times of supply chain attack reveals etc, I think we would be
best to give HTTPS links.

Regards,

#1068714#10

Date:: 2025-03-28 19:29:21 UTC

From:

To:

Control: tags -1 +patch
Control: forwarded -1 https://salsa.debian.org/webmaster-team/packages/-/merge_requests/16
Control: user debian-release@lists.debian.org
Control: usertag 1098454 + bsp-2025-03-ca-montreal

Someone else noticed this as well, and there's a pending MR for this!

https://salsa.debian.org/webmaster-team/packages/-/merge_requests/16

#1068714 packages.debian.org: Please make links to deb.debian.org use HTTPS instead of HTTP #1068714

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)