[Pkg-zsh-devel] Bug#1077869: zsh: please use secure URLs in debian/upstream/metadata
Simon McVittie
smcv at debian.org
Sat Aug 3 18:35:48 BST 2024
Source: zsh
Version: 5.9-6
Severity: wishlist
Tags: patch
While looking for upstream fixes for zsh compatibility with gcc 14,
I noticed that the source package uses git:// and http:// URLs in
debian/upstream/metadata, which do not authenticate the identity of the
remote server and so are vulnerable to man-in-the-middle attacks. Please
replace them with their equivalent https:// URLs, for example by applying
the attached patch.
Thanks,
smcv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-d-upstream-metatata-Use-secure-URLs.patch
Type: text/x-diff
Size: 1510 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-zsh-devel/attachments/20240803/0331a4b5/attachment.patch>
More information about the Pkg-zsh-devel
mailing list