[PATCH 04/29] dlls/appwiz.cpl/: move WineHQ URLs to https
Jacek Caban
jacek at codeweavers.com
Thu Nov 30 13:20:58 CST 2017
Hi Austin,
On 30.11.2017 19:56, Austin English wrote:
> diff --git a/dlls/appwiz.cpl/addons.c b/dlls/appwiz.cpl/addons.c
> index 5ec49cfe6a..0bbc90f3eb 100644
> --- a/dlls/appwiz.cpl/addons.c
> +++ b/dlls/appwiz.cpl/addons.c
> @@ -86,7 +86,7 @@ static const addon_info_t addons_info[] = {
> "wine_gecko-" GECKO_VERSION "-" ARCH_STRING ".msi",
> "gecko",
> GECKO_SHA,
> - "http://source.winehq.org/winegecko.php",
> + "https://source.winehq.org/winegecko.php",
> "MSHTML", "GeckoUrl", "GeckoCabDir",
> MAKEINTRESOURCEW(ID_DWL_GECKO_DIALOG)
> },
> @@ -95,7 +95,7 @@ static const addon_info_t addons_info[] = {
> "wine-mono-" MONO_VERSION ".msi",
> "mono",
> MONO_SHA,
> - "http://source.winehq.org/winemono.php",
> + "https://source.winehq.org/winemono.php",
While I'm not really opposed, I think this deserves more attention. Note
that this change means that we will download Gecko and Mono using https
instead of http. While it's usually fine, it's an extra complexity and
involves additional dependences to achieve the task. For example, it
means that if you don't have a working GnuTLS and WineGecko cached, Wine
won't be able to setup your prefix correctly.
Also note that we check checksums of downloaded files, so installing
those packages is safe as far as attacks by modifying content is
considered. All we gain from https in this case is a bit of privacy
improvement.
That said, I'm not sure we want that change unless we have a good reason.
Thanks,
Jacek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20171130/6b6a9f4d/attachment.html>
More information about the wine-devel
mailing list