Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp122987ybh;
        Fri, 17 Jul 2020 21:27:04 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzdkKwip4K12jZB/qiIPA0Z+tzrbXqAdf2nYHSPKvLTuaxzPxdu4LeF91iJ9R04TY9MdBfd
X-Received: by 2002:a17:906:edb3:: with SMTP id sa19mr11239682ejb.21.1595046423805;
        Fri, 17 Jul 2020 21:27:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1595046423; cv=none;
        d=google.com; s=arc-20160816;
        b=qR/2NhAz2vIv77zLVs60pOFpzMDvK39UCCxlB6JNgf+MNoHWRas/79+euH8h9c7Kdh
         6F1t6VXc3EggUQWeVWr9tG7s+5LLGjRDH07vRDwUsQ7PA58qLJ0fegesBgaMSDKjd16M
         PlopHC1v0ZYswhjxh/DJPOJOU20C0vPvNP1l1yYdcYonoNz2nBPPEyhUPSd2Wq+71DaJ
         YVn74HvwXEzAw2t6LBQD/Ntd1Ov6sTr8ggPP0VbGyCfu8o2GgRI7o8eMul1EPf6/z4wU
         Bc04PSHL/wqH52agrrngbK8eECurRAftAvV9PPR/AHBMlkpPX3n2QkrwHilqCCO9RGgf
         vRNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:references:message-id
         :in-reply-to:subject:cc:to:from:date;
        bh=3xs3tZZK3A1wvD5aOjVxQdppJE2QZoqe+azFvR05HYY=;
        b=JWM5Dg7v5jDOlxdbRB+wRYFlnG1ZZOGSBVlYvkvNeyKa9NQsmkciaKK0Q4WqNBNmCE
         jVxb47SzlcPEI1xAEmKl1Jw4JZJZceh8tKjd6JloAtcj9s6Ya1xT0SzASlTgz3xAH2EW
         4hPAdi3TP4CjGBJngRjzIgleAZSDdjW1rpFcD8ZhVHi+fA2a0shUS5Hhg1z3BRTbj38x
         jRl3QHEzJl/iODOzO/aVEnIsotRX1ngi6NSUwbzwS8I+/CorZ8PpgFhe9zx9DOE4Fz7+
         BFspekmSWZB99kXKXLD/DPjwtUsbJkCwaqI8PC0099C1jE9oCICfwTjjZQVlg5sFf1Ku
         aVQQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a26si5659560ejf.701.2020.07.17.21.26.39;
        Fri, 17 Jul 2020 21:27:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725887AbgGRE0F (ORCPT <rfc822;zzmahb@gmail.com> + 99 others);
        Sat, 18 Jul 2020 00:26:05 -0400
Received: from kvm5.telegraphics.com.au ([98.124.60.144]:34932 "EHLO
        kvm5.telegraphics.com.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725791AbgGRE0E (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 18 Jul 2020 00:26:04 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
        by kvm5.telegraphics.com.au (Postfix) with ESMTP id 1DA7C29C5B;
        Sat, 18 Jul 2020 00:25:29 -0400 (EDT)
Date:   Sat, 18 Jul 2020 14:25:21 +1000 (AEST)
From:   Finn Thain <fthain@telegraphics.com.au>
To:     "Alexander A. Klimov" <grandmaster@al2klimov.de>
cc:     geert@linux-m68k.org, funaho@jurai.org,
        linux-m68k@lists.linux-m68k.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] m68k: Replace HTTP links with HTTPS ones
In-Reply-To: <20200717184240.79799-1-grandmaster@al2klimov.de>
Message-ID: <alpine.LNX.2.23.453.2007181258320.92@nippy.intranet>
References: <20200717184240.79799-1-grandmaster@al2klimov.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 17 Jul 2020, Alexander A. Klimov wrote:

> Rationale:
> Reduces attack surface on kernel devs opening the links for 
> MITM as HTTPS traffic is much harder to manipulate.
> 

Has that actually happened?

You still need to fix the chain of trust in all the relevant browsers 
(unless you're planning to ship root certificates with the kernel source).

Even then, developers using "HTTPS Everywhere" or equivalent will not 
benefit from this patch.

And these new links are just as stale as the old ones, so I have to use 
web.archive.org anyway. So this patch achieves practically nothing.

> Deterministic algorithm:
> For each file:
>   If not .svg:

Are URLs in .svg files not exploitable by MITM attack?

>     For each line:
>       If doesn't contain `\bxmlns\b`:

Are XML parsers not exploitable by MITM attack?

>         For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:

Are ftp:// links etc. not exploitable by MITM attack?

> 	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:

Should developers be more concerned about MITM attack or lawsuit?

>             If both the HTTP and HTTPS versions
>             return 200 OK and serve the same content:

...then you have not been MITM attacked.

>               Replace HTTP with HTTPS.
> 

Will you also require developers to use DNSSEC?

> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
> ---
>  Continuing my work started at 93431e0607e5.
>  See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master
> 
>  If there are any URLs to be removed completely
>  or at least not (just) HTTPSified:
>  Just clearly say so and I'll *undo my change*.
>  See also: https://lkml.org/lkml/2020/6/27/64
> 
>  If there are any valid, but yet not changed URLs:
>  See: https://lkml.org/lkml/2020/6/26/837
> 
>  If you apply the patch, please let me know.
> 
> 
>  arch/m68k/include/asm/mac_via.h | 4 ++--
>  arch/m68k/mac/config.c          | 2 +-
>  arch/m68k/mac/macboing.c        | 2 +-
>  3 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/m68k/include/asm/mac_via.h b/arch/m68k/include/asm/mac_via.h
> index 1149251ea58d..0cbab71f2592 100644
> --- a/arch/m68k/include/asm/mac_via.h
> +++ b/arch/m68k/include/asm/mac_via.h
> @@ -30,7 +30,7 @@
>   *      http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
>   *      ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
>   *
> - * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
> + * also, https://developer.apple.com/technotes/hw/hw_09.html claims the
>   * following changes for IIfx:
>   * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
>   * Also, "All of the functionality of VIA2 has been moved to other chips".
> @@ -178,7 +178,7 @@
>  				 * on others, 0=disable processor's instruction
>  				 * and data caches. */
>  
> -/* Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
> +/* Apple sez: https://developer.apple.com/technotes/ov/ov_04.html
>   * Another example of a valid function that has no ROM support is the use
>   * of the alternate video page for page-flipping animation. Since there
>   * is no ROM call to flip pages, it is necessary to go play with the
> diff --git a/arch/m68k/mac/config.c b/arch/m68k/mac/config.c
> index 5c9f3a2d6538..6f2eb1dcfc0c 100644
> --- a/arch/m68k/mac/config.c
> +++ b/arch/m68k/mac/config.c
> @@ -240,7 +240,7 @@ static struct mac_model mac_data_table[] = {
>  	 * Weirdified Mac II hardware - all subtly different. Gee thanks
>  	 * Apple. All these boxes seem to have VIA2 in a different place to
>  	 * the Mac II (+1A000 rather than +4000)
> -	 * CSA: see http://developer.apple.com/technotes/hw/hw_09.html
> +	 * CSA: see https://developer.apple.com/technotes/hw/hw_09.html
>  	 */
>  
>  	{
> diff --git a/arch/m68k/mac/macboing.c b/arch/m68k/mac/macboing.c
> index 388780797f7d..a904146dc4e6 100644
> --- a/arch/m68k/mac/macboing.c
> +++ b/arch/m68k/mac/macboing.c
> @@ -116,7 +116,7 @@ static void mac_init_asc( void )
>  			 *   support 16-bit stereo output, but only mono input."
>  			 *
>  			 *   Technical Information Library (TIL) article number 16405. 
> -			 *   http://support.apple.com/kb/TA32601 
> +			 *   https://support.apple.com/kb/TA32601 
>  			 *
>  			 * --David Kilzer
>  			 */
>