Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp88788ybh;
        Fri, 17 Jul 2020 19:57:24 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyN0HGB5zUjygxKm4y7DBMuWcy/G2nEJj3d2xEbuD3BKGFs0JNRdTVKt9cL8vuwcGr5h6DN
X-Received: by 2002:aa7:cd18:: with SMTP id b24mr12584789edw.3.1595041044657;
        Fri, 17 Jul 2020 19:57:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1595041044; cv=none;
        d=google.com; s=arc-20160816;
        b=O0v3s8UItwNpgkmqoOx+RVw/bzG97Wblk2PTjlNVj8N3PO9RJNbkabOf4QVGjQ3oO5
         ln/tw++kX22j8T7C03yVqToXFFvTNUNLTKzEvJg/+2gJ0BBpiQC8BE2DztlcPvQVx3SA
         RI6l1cT34oISyk+K9KEFNIkLUYKyvtw2XeelkgbTuHNml41+2x29xXg6SA1yJXCKbrHz
         HNz/QYWlfwhtkE8YIFkvY1TEYr2tUMwVa8J2tMUv9jKAkmH5dqbJtfh229uz7ceO9HNM
         GLkMS7vdqNYFD8X2/Jl6qmPJwe7AW7t2FJdMegsL1e9qg0pdUtKJcZfw4dIUGM1KVZeV
         qH3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=2gc4LTADrhmbUaQHpNdlRi+P62w0RgHIzLWQDbbxm/w=;
        b=muQksel+yhzRONNCDyds+lvE92D6CENTSflMkeR3kwGfq/XPJyK8CP+BymHB0WE44h
         f/8Xo+T6AgKV5NnNRz4GJ7keAQIQ5BHnnIpQFF70po0f6BqGX4lBiwy186iem6or//m/
         U/zPgFAGFGr+RzbRSUxo9kREiw3Vi6PXkYhRvDoKzQGFjK1cRqYlz8nlbVF17y4Mpc2y
         UfnT45I9bkJHMQxjdgansc5CUf/nbMGySDYL1TZAHvZi8ond3sUPs8YY9q5Ciw/kInPs
         mnjUIZxyWPhYOmgBr5GLZ/VA+uAT7Uwq3yAn75wS2cLaH4BzSIqaP4cBQT7VozoNGHru
         Ix+Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c11si7255083edy.498.2020.07.17.19.57.01;
        Fri, 17 Jul 2020 19:57:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728924AbgGRCyJ (ORCPT <rfc822;zzmahb@gmail.com> + 99 others);
        Fri, 17 Jul 2020 22:54:09 -0400
Received: from mail.hallyn.com ([178.63.66.53]:35050 "EHLO mail.hallyn.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728127AbgGRCyJ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 17 Jul 2020 22:54:09 -0400
Received: by mail.hallyn.com (Postfix, from userid 1001)
        id 2ACDBC13; Fri, 17 Jul 2020 21:54:07 -0500 (CDT)
Date:   Fri, 17 Jul 2020 21:54:07 -0500
From:   "Serge E. Hallyn" <serge@hallyn.com>
To:     "Alexander A. Klimov" <grandmaster@al2klimov.de>
Cc:     serge@hallyn.com, linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] capabilities: Replace HTTP links with HTTPS ones
Message-ID: <20200718025407.GA11982@mail.hallyn.com>
References: <20200713103428.33342-1-grandmaster@al2klimov.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200713103428.33342-1-grandmaster@al2klimov.de>
User-Agent: Mutt/1.9.4 (2018-02-28)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jul 13, 2020 at 12:34:28PM +0200, Alexander A. Klimov wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
> 
> Deterministic algorithm:
> For each file:
>   If not .svg:
>     For each line:
>       If doesn't contain `\bxmlns\b`:
>         For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> 	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>             If both the HTTP and HTTPS versions
>             return 200 OK and serve the same content:
>               Replace HTTP with HTTPS.
> 
> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>

Reviewed-by: Serge Hallyn <serge@hallyn.com>

> ---
>  Continuing my work started at 93431e0607e5.
>  See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master
>  (Actually letting a shell for loop submit all this stuff for me.)
> 
>  If there are any URLs to be removed completely or at least not just HTTPSified:
>  Just clearly say so and I'll *undo my change*.
>  See also: https://lkml.org/lkml/2020/6/27/64
> 
>  If there are any valid, but yet not changed URLs:
>  See: https://lkml.org/lkml/2020/6/26/837
> 
>  If you apply the patch, please let me know.
> 
>  Sorry again to all maintainers who complained about subject lines.
>  Now I realized that you want an actually perfect prefixes,
>  not just subsystem ones.
>  I tried my best...
>  And yes, *I could* (at least half-)automate it.
>  Impossible is nothing! :)
> 
> 
>  kernel/capability.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/capability.c b/kernel/capability.c
> index 1444f3954d75..a8a20ebc43ee 100644
> --- a/kernel/capability.c
> +++ b/kernel/capability.c
> @@ -40,7 +40,7 @@ __setup("no_file_caps", file_caps_disable);
>  /*
>   * More recent versions of libcap are available from:
>   *
> - *   http://www.kernel.org/pub/linux/libs/security/linux-privs/
> + *   https://www.kernel.org/pub/linux/libs/security/linux-privs/
>   */
>  
>  static void warn_legacy_capability_use(void)
> -- 
> 2.27.0