Bug#865347: libdvd-pkg: use https for the download
Christoph Anton Mitterer
calestyo at scientia.net
Tue Jun 20 16:13:54 UTC 2017
Package: libdvd-pkg
Version: 1.4.0-1-2
Severity: wishlist
Hi.
The videolan servers support https, I suggest using this for the download.
While this doesn't help with security, it adds privacy for the download process.
Of course one needs to add some --ca-certificate= to wget, of course best would
be to only add the CA that videoland actually uses, currently USERTrust RSA Certification Authority.
And one would need to depend on ca-certificates.
You should perhaps also update the watchfile.
btw: In get-orig-source, why do you use uscan to download the current version if downloading fails with wget?
That should then anyway not be usable due to the missing SHA256sum file,... and it won't be deleted then either, so
the user may accidentally use that unverified code.
Cheers,
Chris.
More information about the pkg-multimedia-maintainers
mailing list