Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:87314
Return-Path: <tyra3l@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 63115 invoked from network); 27 Jul 2015 07:32:20 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Jul 2015 07:32:20 -0000
Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.53 as permitted sender)
X-PHP-List-Original-Sender: tyra3l@gmail.com
X-Host-Fingerprint: 209.85.215.53 mail-la0-f53.google.com  
Received: from [209.85.215.53] ([209.85.215.53:34426] helo=mail-la0-f53.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id DF/00-61854-28ED5B55 for <internals@lists.php.net>; Mon, 27 Jul 2015 03:32:19 -0400
Received: by lafd3 with SMTP id d3so33211379laf.1
        for <internals@lists.php.net>; Mon, 27 Jul 2015 00:32:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=dWWmBS5Qyk8ykH4KDhSrE2y9KZ5TAD2zCifjazyOSLk=;
        b=BCy+PZlADCszUdDVDXUFfv1pbkLtUMqMPlabWiw4CqL114rdhHX1NYv/XjJv1+LuZ1
         xq8wE8mEIL0xX7O+yHig3DB8cIsVhmj6yCh3yEWyZZNrUmZCNEddkw9lI2upPwhQETL5
         uVBPqtEhtduzpJ44SaLBIb9Av+DtUIgEK/GC5ruhqovHfh3MJRj0HVnRRICSBHoY/Wvd
         Bg2PcT8wM9F/6GADkJvBldooi6OWlVGCuiXi+mnHOByxe4Xpra16ezQ/1xlbKrBJ4Kem
         B7dmnDeMjKhM2S8h21bkHj1V6Sl5502AJwWLrsXeGx5YOI80QXSmcJiiyU/UQxLHCvPJ
         T+eQ==
MIME-Version: 1.0
X-Received: by 10.112.161.40 with SMTP id xp8mr25675258lbb.71.1437982335100;
 Mon, 27 Jul 2015 00:32:15 -0700 (PDT)
Received: by 10.152.43.105 with HTTP; Mon, 27 Jul 2015 00:32:15 -0700 (PDT)
Date: Mon, 27 Jul 2015 09:32:15 +0200
Message-ID: <CAH-PCH41UgBmJkvORS-7j5EETcxzkOCqrCX+h6mBvXZZDPaaUA@mail.gmail.com>
To: PHP Internals <internals@lists.php.net>, Stanislav Malyshev <stas@php.net>, julien pauli <jpauli@php.net>, 
	Kalle Sommer Nielsen <kalle@php.net>, Anatoliy Belsky <ab@php.net>, Hannes Magnusson <bjori@php.net>
Content-Type: multipart/alternative; boundary=001a11c25f5246ee3b051bd65a2a
Subject: use https when downloading the pear installer
From: tyra3l@gmail.com (Ferenc Kovacs)

--001a11c25f5246ee3b051bd65a2a
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi,

I've just realized that even thought https://pear.php.net/ is available, we
are still downloading the install-pear-nozlib.phar via http:// in
pear/Makefile.frag and makedist
Do you happen to know any reason for keeping it that way or is this only
for historical reasons (maybe pear.php.net did not have proper cert or
configured to accept traffic on 443 originally when the download process
was created) and should be ok to make this more secure(as it would prevent
MITM attacks).

What do you think?

--=20
Ferenc Kov=C3=A1cs
@Tyr43l - http://tyrael.hu

--001a11c25f5246ee3b051bd65a2a--