lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1593997337.4657.30.camel@linux.ibm.com>
Date:   Sun, 05 Jul 2020 18:02:17 -0700
From:   James Bottomley <jejb@...ux.ibm.com>
To:     "Alexander A. Klimov" <grandmaster@...klimov.de>,
        fischer@...bit.de, martin.petersen@...cle.com,
        linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: AHA152X SCSI driver

On Sun, 2020-07-05 at 23:44 +0200, Alexander A. Klimov wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
> 
> Deterministic algorithm:
> For each file:
>   If not .svg:
>     For each line:
>       If doesn't contain `\bxmlns\b`:
>         For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>           If both the HTTP and HTTPS versions
>           return 200 OK and serve the same content:
>             Replace HTTP with HTTPS.
> 
> Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>
> ---
>  Continuing my work started at 93431e0607e5.
> 
>  If there are any URLs to be removed completely or at least not
> HTTPSified:
>  Just clearly say so and I'll *undo my change*.
>  See also https://lkml.org/lkml/2020/6/27/64
> 
>  If there are any valid, but yet not changed URLs:
>  See https://lkml.org/lkml/2020/6/26/837
> 
>  drivers/scsi/pcmcia/aha152x_stub.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/pcmcia/aha152x_stub.c
> b/drivers/scsi/pcmcia/aha152x_stub.c
> index df82a349e969..0c471915b20f 100644
> --- a/drivers/scsi/pcmcia/aha152x_stub.c
> +++ b/drivers/scsi/pcmcia/aha152x_stub.c
> @@ -10,7 +10,7 @@
>      The contents of this file are subject to the Mozilla Public
>      License Version 1.1 (the "License"); you may not use this file
>      except in compliance with the License. You may obtain a copy of
> -    the License at http://www.mozilla.org/MPL/
> +    the License at https://www.mozilla.org/MPL/

Um, no, you can't do that: that's licence boilerplate copied from the
actual standard licence header:

https://spdx.org/licenses/MPL-1.1.html

However, it does strike me that the whole of this should have been
replaced by a SPDX header.

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ