[PATCH 04/29] dlls/appwiz.cpl/: move WineHQ URLs to https

Austin English austinenglish at gmail.com
Thu Nov 30 18:23:56 CST 2017 

On Nov 30, 2017 1:21 PM, "Jacek Caban" <jacek at codeweavers.com> wrote:

Hi Austin,


On 30.11.2017 19:56, Austin English wrote:

diff --git a/dlls/appwiz.cpl/addons.c b/dlls/appwiz.cpl/addons.c
index 5ec49cfe6a..0bbc90f3eb 100644
--- a/dlls/appwiz.cpl/addons.c
+++ b/dlls/appwiz.cpl/addons.c
@@ -86,7 +86,7 @@ static const addon_info_t addons_info[] = {
         "wine_gecko-" GECKO_VERSION "-" ARCH_STRING ".msi",
         "gecko",
         GECKO_SHA,
-        "http://source.winehq.org/winegecko.php"
<http://source.winehq.org/winegecko.php>,
+        "https://source.winehq.org/winegecko.php"
<https://source.winehq.org/winegecko.php>,
         "MSHTML", "GeckoUrl", "GeckoCabDir",
         MAKEINTRESOURCEW(ID_DWL_GECKO_DIALOG)
     },
@@ -95,7 +95,7 @@ static const addon_info_t addons_info[] = {
         "wine-mono-" MONO_VERSION ".msi",
         "mono",
         MONO_SHA,
-        "http://source.winehq.org/winemono.php"
<http://source.winehq.org/winemono.php>,
+        "https://source.winehq.org/winemono.php"
<https://source.winehq.org/winemono.php>,


While I'm not really opposed, I think this deserves more attention. Note
that this change means that we will download Gecko and Mono using https
instead of http. While it's usually fine, it's an extra complexity and
involves additional dependences to achieve the task. For example, it means
that if you don't have a working GnuTLS and WineGecko cached, Wine won't be
able to setup your prefix correctly.


I have gnutls set up, so hadn't considered that. I would think that we
consider a lack of gnutls an unsupported platform, but I don't think this
is important enough to break that usecase.

Also note that we check checksums of downloaded files, so installing those
packages is safe as far as attacks by modifying content is considered. All
we gain from https in this case is a bit of privacy improvement.


That said, I'm not sure we want that change unless we have a good reason.


Sure. Can we agree to change the message to an https version of the wiki?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20171130/49182d3c/attachment.html>

More information about the wine-devel mailing list