| 1 |
--- |
| 2 |
eclass/git-r3.eclass | 14 +++++++++----- |
| 3 |
1 file changed, 9 insertions(+), 5 deletions(-) |
| 4 |
|
| 5 |
diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass |
| 6 |
index bc7d4d920299..42b586811368 100644 |
| 7 |
--- a/eclass/git-r3.eclass |
| 8 |
+++ b/eclass/git-r3.eclass |
| 9 |
@@ -105,10 +105,14 @@ fi |
| 10 |
# @ECLASS-VARIABLE: EGIT_REPO_URI |
| 11 |
# @REQUIRED |
| 12 |
# @DESCRIPTION: |
| 13 |
-# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs |
| 14 |
-# are provided, the eclass will consider them as fallback URIs to try |
| 15 |
-# if the first URI does not work. For supported URI syntaxes, read up |
| 16 |
-# the manpage for git-clone(1). |
| 17 |
+# URIs to the repository, e.g. https://foo. If multiple URIs are |
| 18 |
+# provided, the eclass will consider the remaining URIs as fallbacks |
| 19 |
+# to try if the first URI does not work. For supported URI syntaxes, |
| 20 |
+# read up the manpage for git-clone(1). |
| 21 |
+# |
| 22 |
+# URIs should be using https:// whenever possible. http:// and git:// |
| 23 |
+# URIs are unsafe and their use (even if only as a fallback) makes |
| 24 |
+# MITM attacks possible. |
| 25 |
# |
| 26 |
# It can be overriden via env using ${PN}_LIVE_REPO variable. |
| 27 |
# |
| 28 |
@@ -116,7 +120,7 @@ fi |
| 29 |
# |
| 30 |
# Example: |
| 31 |
# @CODE |
| 32 |
-# EGIT_REPO_URI="git://a/b.git https://c/d.git" |
| 33 |
+# EGIT_REPO_URI="https://a/b.git https://c/d.git" |
| 34 |
# @CODE |
| 35 |
|
| 36 |
# @ECLASS-VARIABLE: EVCS_OFFLINE |
| 37 |
-- |
| 38 |
2.14.1 |
Archives