Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] http or https reference to P2 repos: (was Re: Initialization for 2019-06)

Hi Karsten

Ouch! I didn't follow all of https://bugs.eclipse.org/bugs/show_bug.cgi?id=544852 but using http: seems pretty irresponsible.

I've raised https://bugs.eclipse.org/bugs/show_bug.cgi?id=546207 requesting the *.target support to give a warning for http:

    Regards

        Ed Willink

On 08/04/2019 16:17, Karsten Thoms wrote:
Hi Ed,

I’m not sure if there is a general guideline, but we were addressed such an issue in project Xtext and make sure that we do not use anything in the build that is pulled through HTTP and fix the remaining places when we find some.

Read more in:

~Karsten

Am 08.04.2019 um 10:05 schrieb Ed Willink <ed@xxxxxxxxxxxxx>:

Hi

Checking one of my builds, I find 12 repos in the *.target file all specified as http: e.g. 

  <location includeAllPlatforms="false" includeConfigurePhase="false" includeMode="planner" includeSource="true" type="InstallableUnit">
    <unit id="org.eclipse.sdk.feature.group" version="0.0.0"/>
    <repository location="http://download.eclipse.org/eclipse/updates/I-builds"/>
  </location>

Checking my Tycho log, I find e.g.

[INFO] Fetching p2.index from http://download.eclipse.org/eclipse/updates/I-builds/
[INFO] Fetching p2.index from http://download.eclipse.org/eclipse/updates/I-builds/
[INFO] Adding repository http://download.eclipse.org/eclipse/updates/I-builds
[INFO] Fetching p2.index from https://download.eclipse.org/eclipse/updates/4.12-I-builds/
[INFO] Fetching p2.index from https://download.eclipse.org/eclipse/updates/4.12-I-builds/

indicating that the platform is redirecting http: to https:

Is there an EF recommendation as to whether https: (more secure) or http: (less overhead) should be used?

    Regards

        Ed Willink

On 02/04/2019 12:38, Becker, Matthias wrote:
From my point of view not using SSL nowadays is a bug.
One should use SSL / HTTPs everywhere these days.
 
From: <cross-project-issues-dev-bounces@xxxxxxxxxxx> on behalf of Wim Jongman <wim.jongman@xxxxxxxxx>
Reply-To: Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>
Date: Tuesday, 2. April 2019 at 13:24
To: Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>
Subject: Re: [cross-project-issues-dev] Initialization for 2019-06
 
 
 
On Mon, Apr 1, 2019 at 5:14 PM Pierre-Charles David <pierre-charles.david@xxxxxxx> wrote:
 
Thanks for that. 
 
Is it in general not better to serve this content through HTTP to avoid SSL overhead and encryption of large files? I have no clue what this means in terms of speed but since these repos are extremly popular it might be significant.
 
 
 
 

_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev

Virus-free. www.avast.com
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev


_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev

Back to the top