{"id":809703,"url":"http://patchwork.ozlabs.org/api/1.0/covers/809703/?format=json","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.0/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20170904142608.4897-1-berrange@redhat.com>","date":"2017-09-04T14:26:06","name":"[web,0/2] Secure the download links and more","submitter":{"id":2694,"url":"http://patchwork.ozlabs.org/api/1.0/people/2694/?format=json","name":"Daniel P. Berrangé","email":"berrange@redhat.com"},"series":[{"id":1395,"url":"http://patchwork.ozlabs.org/api/1.0/series/1395/?format=json","date":"2017-09-04T14:26:06","name":"Secure the download links and more","version":1,"mbox":"http://patchwork.ozlabs.org/series/1395/mbox/"}],"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ext-mx10.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx10.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=berrange@redhat.com"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xmBxf3SfXz9s7h\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue,  5 Sep 2017 00:27:00 +1000 (AEST)","from localhost ([::1]:46901 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dosL0-00089a-RV\n\tfor incoming@patchwork.ozlabs.org; Mon, 04 Sep 2017 10:26:54 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:56632)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <berrange@redhat.com>) id 1dosKR-00088r-Vl\n\tfor qemu-devel@nongnu.org; Mon, 04 Sep 2017 10:26:24 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <berrange@redhat.com>) id 1dosKN-0002fy-8n\n\tfor qemu-devel@nongnu.org; Mon, 04 Sep 2017 10:26:19 -0400","from mx1.redhat.com ([209.132.183.28]:59342)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <berrange@redhat.com>) id 1dosKN-0002f1-3H\n\tfor qemu-devel@nongnu.org; Mon, 04 Sep 2017 10:26:15 -0400","from smtp.corp.redhat.com\n\t(int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id CBE10624A4;\n\tMon,  4 Sep 2017 14:26:13 +0000 (UTC)","from localhost.localdomain.com (unknown [10.42.22.189])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 05FA2820AB;\n\tMon,  4 Sep 2017 14:26:12 +0000 (UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com CBE10624A4","From":"\"Daniel P. Berrange\" <berrange@redhat.com>","To":"qemu-devel@nongnu.org","Date":"Mon,  4 Sep 2017 15:26:06 +0100","Message-Id":"<20170904142608.4897-1-berrange@redhat.com>","X-Scanned-By":"MIMEDefang 2.79 on 10.5.11.16","X-Greylist":"Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.39]);\n\tMon, 04 Sep 2017 14:26:13 +0000 (UTC)","X-detected-operating-system":"by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]","X-Received-From":"209.132.183.28","Subject":"[Qemu-devel] [PATCH web 0/2] Secure the download links and more","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"Peter Maydell <peter.maydell@linaro.org>,\n\tPaolo Bonzini <pbonzini@redhat.com>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"},"content":"Peter pointed out a bit of a crazy setup:\n\nThe front page link to the 2.10.0 tarball is\n\n  http://download.qemu-project.org/qemu-2.10.0.tar.xz\n\nwhich gets you a 301 redirect to\n\n  http://download.qemu.org/qemu-2.10.0.tar.xz\n\nwhich gets you a 301 redirect to\n\n  https://download.qemu.org/qemu-2.10.0.tar.xz...\n\nwhich gives the $BAD guys plenty chance to compromise your\ndownload. Fix this to link to https:// sites exclusively\nand use the preferred qemu.org domani too. All links are\nfixed to use https, not merely download site links.\n\nDaniel P. Berrange (2):\n  Update all links to prefer qemu.org over qemu-project.org\n  Use https links whereever possible\n\n .htaccess                                            |  6 +++---\n _download/source.html                                | 12 ++++++------\n _includes/footer.html                                | 18 +++++++++---------\n _includes/releases.html                              |  8 ++++----\n _posts/2017-02-04-the-new-qemu-website-is-up.md      | 10 +++++-----\n _posts/2017-03-19-qemu-in-the-blogs-february-2017.md |  4 ++--\n _posts/2017-08-10-deprecation.md                     |  2 +-\n contribute.md                                        |  8 ++++----\n contribute/report-a-bug.md                           |  6 +++---\n documentation.md                                     |  8 ++++----\n index.html                                           |  2 +-\n 11 files changed, 42 insertions(+), 42 deletions(-)"}