[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH web 0/2] Secure the download links and more
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [PATCH web 0/2] Secure the download links and more |
|
Date: |
Mon, 11 Sep 2017 17:37:08 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
On 04/09/2017 16:26, Daniel P. Berrange wrote:
> Peter pointed out a bit of a crazy setup:
>
> The front page link to the 2.10.0 tarball is
>
> http://download.qemu-project.org/qemu-2.10.0.tar.xz
>
> which gets you a 301 redirect to
>
> http://download.qemu.org/qemu-2.10.0.tar.xz
>
> which gets you a 301 redirect to
>
> https://download.qemu.org/qemu-2.10.0.tar.xz...
>
> which gives the $BAD guys plenty chance to compromise your
> download. Fix this to link to https:// sites exclusively
> and use the preferred qemu.org domani too. All links are
> fixed to use https, not merely download site links.
>
> Daniel P. Berrange (2):
> Update all links to prefer qemu.org over qemu-project.org
> Use https links whereever possible
>
> .htaccess | 6 +++---
> _download/source.html | 12 ++++++------
> _includes/footer.html | 18 +++++++++---------
> _includes/releases.html | 8 ++++----
> _posts/2017-02-04-the-new-qemu-website-is-up.md | 10 +++++-----
> _posts/2017-03-19-qemu-in-the-blogs-february-2017.md | 4 ++--
> _posts/2017-08-10-deprecation.md | 2 +-
> contribute.md | 8 ++++----
> contribute/report-a-bug.md | 6 +++---
> documentation.md | 8 ++++----
> index.html | 2 +-
> 11 files changed, 42 insertions(+), 42 deletions(-)
>
Queued, including changes to the 2.10.0 blog post in patch 2. Will push
tomorrow.
Paolo