Re: [PATCH] capabilities: Replace HTTP links with HTTPS ones
From: "Serge E. Hallyn" <serge@hallyn.com>
Date: 2020-07-18 02:54:10
Also in:
lkml
On Mon, Jul 13, 2020 at 12:34:28PM +0200, Alexander A. Klimov wrote:
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.
Signed-off-by: Alexander A. Klimov <redacted>Reviewed-by: Serge Hallyn <serge@hallyn.com>
quoted hunk ↗ jump to hunk
--- Continuing my work started at 93431e0607e5. See also: git log --oneline '--author=Alexander A. Klimov [off-list ref]' v5.7..master (Actually letting a shell for loop submit all this stuff for me.) If there are any URLs to be removed completely or at least not just HTTPSified: Just clearly say so and I'll *undo my change*. See also: https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See: https://lkml.org/lkml/2020/6/26/837 If you apply the patch, please let me know. Sorry again to all maintainers who complained about subject lines. Now I realized that you want an actually perfect prefixes, not just subsystem ones. I tried my best... And yes, *I could* (at least half-)automate it. Impossible is nothing! :) kernel/capability.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)diff --git a/kernel/capability.c b/kernel/capability.c index 1444f3954d75..a8a20ebc43ee 100644 --- a/kernel/capability.c +++ b/kernel/capability.c@@ -40,7 +40,7 @@ __setup("no_file_caps", file_caps_disable); /* * More recent versions of libcap are available from: * - * http://www.kernel.org/pub/linux/libs/security/linux-privs/ + * https://www.kernel.org/pub/linux/libs/security/linux-privs/ */ static void warn_legacy_capability_use(void)-- 2.27.0