From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#27795: Issues with upstream source for guile-emacs Date: Sun, 23 Jul 2017 12:05:22 -0400 Message-ID: <20170723160522.GB18230@jasmine.lan> References: <20170722231904.GA7314@jasmine.lan> <87d18r8hbb.fsf@elephly.net> <877eyz8c8h.fsf@elephly.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ADZbWkCsHQ7r3kzd" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49322) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dZJOR-0006fE-7e for bug-guix@gnu.org; Sun, 23 Jul 2017 12:06:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dZJON-0000RS-5Y for bug-guix@gnu.org; Sun, 23 Jul 2017 12:06:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:50918) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dZJOM-0000R9-Lu for bug-guix@gnu.org; Sun, 23 Jul 2017 12:06:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dZJOM-0007Rn-8f for bug-guix@gnu.org; Sun, 23 Jul 2017 12:06:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <877eyz8c8h.fsf@elephly.net> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ricardo Wurmus Cc: 27795@debbugs.gnu.org --ADZbWkCsHQ7r3kzd Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jul 23, 2017 at 04:22:06PM +0200, Ricardo Wurmus wrote: >=20 > Ricardo Wurmus writes: >=20 > > Leo Famulari writes: > > > >> While working on the bug 'Changing package source URLs from git:// to > >> https://' [0], I noticed an issue with the sources for guile-emacs. > >> > >> We currently fetch this source code over the unauthenticated GIT > >> protocol. It is also available over HTTPS. However, these two protocols > >> are returning different Git repos for some reason. > > > > The clone times out for me: > > > > --8<---------------cut here---------------start------------->8--- > > git clone https://git.hcoop.net/git/bpt/emacs.git guile-emacs-over-https > > Cloning into 'guile-emacs-over-https'... > > ^C > > --8<---------------cut here---------------end--------------->8--- > > > > But the clone from git:// works fine. > > > > Is the repository actually served over HTTPS? >=20 > Don=E2=80=99t mind me. It eventually worked. The repositories have diff= erent > histories, and the https-repo looks like it is two commits behind. > Looks like an older rebase. >=20 > I=E2=80=99d say we should leave it with the current git:// URL. The thing is, since the git:// protocol is unauthenticated, we could assume that those extra two commits are added by a MitM :/ Somebody who is interested in guile-emacs should really ask upstream what is going on. --ADZbWkCsHQ7r3kzd Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAll0yUEACgkQJkb6MLrK fwiyVw/9EZ0/YccyNoG7sMJsVThtYr2agRiKlpFwgv4T0bxGCmDRnskvj+PlDh7l gOkc+rPiUVrx8sGtHt1zMulHWHR1VKm8TbfcyZXe2aM1cZ8YYNTyI/u2yL8Afwin xdrqathXlT0m/i2lXskoFX2rBz+vW4DMC0Hq+owQAoj31bzwmuTbTEa8VbQlV4+S Y21w/g4cj1oJOvUcwSYmzzQ0feOEKvbE9Uzn2HUrybsbouQYKY5zdICmVoO4i6nc Gs0cUowB154r5jPwk/fIAuNLtUc2zuo//pMOpCDVCemKgG2+WAv3cEKJlC2bBESF drxf2VMv50LH/eIDjzTpSrkTFpauGaQWVi/+xgWRVP9Mx2HY8BHKd1WtJm1y96bk YGsuIh50NRTvdCqEk6PbFt/6jJ7qCEMv1qOxpUmuUIvXT9EQG7AhAUtvMAFwWWgn ztS3ezxw9m1wKFfQm+RBNF92BFLESvkGdr74zhBw+SSe2/J6HNKGlgQa985Rw/72 P7EZPdx3VxrpJSsRzneolQCaojhGODRDQ23UInpkwpGscx+4EenHOFKVYG5l+Jw0 iBY+Q+B0oKOlzPshseviRUuGkvY/iGrzVOMt6kzyMokM/YXsm9O+n8zhmjtxJCNV sWnIoQm8+sC/KPnaaMy82jxC5mICE42ogAc9ZqNE0xeKJrTwVGo= =cUul -----END PGP SIGNATURE----- --ADZbWkCsHQ7r3kzd--