| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8479acd3-5e35-4b64-5b2a-ad6549a62e4b@al2klimov.de>
Date: Wed, 8 Jul 2020 05:20:17 +0200
From: "Alexander A. Klimov" <grandmaster@...klimov.de>
To: Dave Young <dyoung@...hat.com>
Cc: bhe@...hat.com, vgoyal@...hat.com, corbet@....net,
kexec@...ts.infradead.org, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: kdump
Am 08.07.20 um 05:17 schrieb Dave Young:
> On 07/01/20 at 07:33pm, Alexander A. Klimov wrote:
>>
>>
>> Am 01.07.20 um 09:58 schrieb Dave Young:
>>> On 06/27/20 at 12:31pm, Alexander A. Klimov wrote:
>>>> Rationale:
>>>> Reduces attack surface on kernel devs opening the links for MITM
>>>> as HTTPS traffic is much harder to manipulate.
>>>>
>>>> Deterministic algorithm:
>>>> For each file:
>>>> If not .svg:
>>>> For each line:
>>>> If doesn't contain `\bxmlns\b`:
>>>> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>>>> If both the HTTP and HTTPS versions
>>>> return 200 OK and serve the same content:
>>>> Replace HTTP with HTTPS.
>>>>
>>>> Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>
>>>> ---
>>>> If there are any URLs to be removed completely or at least not HTTPSified:
>>>> Just clearly say so and I'll *undo my change*.
>>>> See also https://lkml.org/lkml/2020/6/27/64
>>>>
>>>> If there are any valid, but yet not changed URLs:
>>>> See https://lkml.org/lkml/2020/6/26/837
>>>>
>>>> Documentation/admin-guide/kdump/kdump.rst | 10 +++++-----
>>>> 1 file changed, 5 insertions(+), 5 deletions(-)
>>>>
>>>> diff --git a/Documentation/admin-guide/kdump/kdump.rst b/Documentation/admin-guide/kdump/kdump.rst
>>>> index 2da65fef2a1c..8cfa35f777f5 100644
>>>> --- a/Documentation/admin-guide/kdump/kdump.rst
>>>> +++ b/Documentation/admin-guide/kdump/kdump.rst
>>>> @@ -65,20 +65,20 @@ Install kexec-tools
>>>> 2) Download the kexec-tools user-space package from the following URL:
>>>> -http://kernel.org/pub/linux/utils/kernel/kexec/kexec-tools.tar.gz
>>>> +https://kernel.org/pub/linux/utils/kernel/kexec/kexec-tools.tar.gz
>>>> This is a symlink to the latest version.
>>>> The latest kexec-tools git tree is available at:
>>>> - git://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git
>>>> -- http://www.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git
>>>> +- https://www.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git
>>>> There is also a gitweb interface available at
>>>> -http://www.kernel.org/git/?p=utils/kernel/kexec/kexec-tools.git
>>>> +https://www.kernel.org/git/?p=utils/kernel/kexec/kexec-tools.git
>>>> More information about kexec-tools can be found at
>>>> -http://horms.net/projects/kexec/
>>>> +https://horms.net/projects/kexec/
>>>> 3) Unpack the tarball with the tar command, as follows::
>>>> @@ -511,7 +511,7 @@ dump kernel.
>>>> You can also use the Crash utility to analyze dump files in Kdump
>>>> format. Crash is available on Dave Anderson's site at the following URL:
>>>> - http://people.redhat.com/~anderson/
>>>> + https://people.redhat.com/~anderson/
>>>
>>> Would you mind to update above url as well?
>> I'll update all of the URLs not changed yet, but (please) not in this patch
>> round.
>>
>> See also https://lkml.org/lkml/2020/6/26/837
>
> If this series can be taken soon then we can wait and submit a patch
> later.
>
> Or just drop this one from your series, I can submit another one to take
> the https and crash url together later.
>
> Either works.
Or (if you don't apply as-is) I'll just cover patched+non-patched
together in round II.
>
>>
>>>
>>> Dave have moved it to below url instead:
>>> https://crash-utility.github.io/
>>>
>>> Thanks
>>> Dave
>>>
>>
>
Powered by blists - more mailing lists