Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1327593ybh; Mon, 13 Jul 2020 15:59:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyG+IkxAuPAJ7CRzppSQA6v9c9qXBsEEru94DBg+QqxoP6TSlTIRbk6+bLvBHseUoQPHPhN X-Received: by 2002:a17:906:fcab:: with SMTP id qw11mr1872106ejb.456.1594681181979; Mon, 13 Jul 2020 15:59:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594681181; cv=none; d=google.com; s=arc-20160816; b=aThoDbdcTwlZ03ixjHMJ5tGgHa5zbedNcn9OjktTUXvFpOuhNRKIr3ztsSVIy34JyT gfLafvH+nYUXAhHwrJbEIUqPVhtoFjbKZguz+Xzj3xi7eB31Ua3wTCd92grLAZpVNDXV T72ubvVdRMhx/l6c+UjdOyut2VxS3J+ZX+t7OA+9nNQB6QEkyeuS8sW1D7tf2+G8J72A dmZtorIOQ65gjX002opc5ZfJGzCnB/NloGnPTGEWIjY73/madB4jCWNyspC8uWTX874U l1HnUrPbKaYbtXwMF+vYkSvngBtoGRP0hR5ywyHcKmpzfFf0EpglkoLSGSLEYi4vXGg+ Xcag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:to:subject; bh=Afn1pNgNHrw7866s3ZW83nQjaE6lfMO2gUcioeoALuQ=; b=nJHXIJqKGOx1/aJdP9rZ4uBCvzmO+4SAkospipjfKvPJWDBl8jb8IGRaPBaCRbr3qs MZVBNckXZQmJE18QwQP+XVl0uwtdQIKKKnQ/d6nkguxojtyB8xjtlpwg9dGHK2HeK51J EwBtRCQ90Xd5p7jL1i8Zj9fBHK019/QazpHqbzOAqLW3aNCXENEBNWmE0cEAQ/rntFKV ZDtcZp5hHhDt/1fDMH/MJvFdiDn1IJBtq7piykwBnIbi9UTEdoWCR0cppiynHFV97wGA fpb21qWynslNbQvZ15ZKfF9I1I16kjNmj0Go1QC8RFffBCksxSNjh7e8uE5kTSv+h4N9 uPSg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id la26si9226535ejb.587.2020.07.13.15.59.19; Mon, 13 Jul 2020 15:59:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726600AbgGMW4O (ORCPT + 99 others); Mon, 13 Jul 2020 18:56:14 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:12942 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726352AbgGMW4K (ORCPT ); Mon, 13 Jul 2020 18:56:10 -0400 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 06DMXLu7000760; Mon, 13 Jul 2020 18:55:57 -0400 Received: from ppma04fra.de.ibm.com (6a.4a.5195.ip4.static.sl-reverse.com [149.81.74.106]) by mx0a-001b2d01.pphosted.com with ESMTP id 3276ag6paq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Jul 2020 18:55:56 -0400 Received: from pps.filterd (ppma04fra.de.ibm.com [127.0.0.1]) by ppma04fra.de.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 06DMoDGF016169; Mon, 13 Jul 2020 22:55:54 GMT Received: from b06avi18878370.portsmouth.uk.ibm.com (b06avi18878370.portsmouth.uk.ibm.com [9.149.26.194]) by ppma04fra.de.ibm.com with ESMTP id 327527hbu0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Jul 2020 22:55:53 +0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06avi18878370.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 06DMtpBP63177196 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 13 Jul 2020 22:55:51 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A09AD4C04E; Mon, 13 Jul 2020 22:55:51 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 48B0A4C050; Mon, 13 Jul 2020 22:55:51 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 13 Jul 2020 22:55:51 +0000 (GMT) Received: from [9.206.162.5] (unknown [9.206.162.5]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id EB288A01E5; Tue, 14 Jul 2020 08:55:49 +1000 (AEST) Subject: Re: [PATCH] ocxl: Replace HTTP links with HTTPS ones To: "Alexander A. Klimov" , fbarrat@linux.ibm.com, arnd@arndb.de, gregkh@linuxfoundation.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org References: <20200713175506.36676-1-grandmaster@al2klimov.de> From: Andrew Donnellan Message-ID: Date: Tue, 14 Jul 2020 08:55:41 +1000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20200713175506.36676-1-grandmaster@al2klimov.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235,18.0.687 definitions=2020-07-13_17:2020-07-13,2020-07-13 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 adultscore=0 mlxlogscore=778 malwarescore=0 phishscore=0 priorityscore=1501 clxscore=1011 lowpriorityscore=0 suspectscore=0 spamscore=0 bulkscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2007130163 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 14/7/20 3:55 am, Alexander A. Klimov wrote: > Rationale: > Reduces attack surface on kernel devs opening the links for MITM > as HTTPS traffic is much harder to manipulate. > > Deterministic algorithm: > For each file: > If not .svg: > For each line: > If doesn't contain `\bxmlns\b`: > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: > If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: > If both the HTTP and HTTPS versions > return 200 OK and serve the same content: > Replace HTTP with HTTPS. > > Signed-off-by: Alexander A. Klimov Thanks. Acked-by: Andrew Donnellan -- Andrew Donnellan OzLabs, ADL Canberra ajd@linux.ibm.com IBM Australia Limited