[oe] [meta-webserver] cherokee: fix SRC_URI

[Emil R. Petersen]

I can see that this is hosted on a University website, but is there a 
policy for using non-official mirrors?

This seems like it opens up a lot of potential security problems IMO. 
Not only could the third-party mirror be easy to compromise, but how 
would be assure we don't use a malicious mirror? Or that a malicious 
contributer doesn't add a deliberatively tainted mirror?

In short, is there some sort of policy on when and how we use 
third-party mirrors? Is security considerations part of the policy?

Kind Regards,
Emil Petersen

On 05/09/13 13:54, Javier Viguera wrote:
> The package is no longer available in the official cherokee site,
> so download it from a mirror.
>
> Signed-off-by: Javier Viguera<javier.viguera at digi.com>
> ---
>
> Notes:
>      To be cherry-picked to Dylan as well.
>
>   meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
> index 265e24e..4b2d68d 100644
> --- a/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
> +++ b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
> @@ -9,7 +9,7 @@ PR = "r9"
>
>   DEPENDS = "libpcre openssl mysql5 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>
> -SRC_URI = "http://www.cherokee-project.com/download/1.2/${PV}/cherokee-${PV}.tar.gz \
> +SRC_URI = "ftp://ftp.osuosl.org/.1/cherokee/1.2/${PV}/cherokee-${PV}.tar.gz \
>              file://cherokee.init \
>              file://cherokee.service \
>   "
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel