[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37348: [PATCH] hydra: berlin: Redirect HTTP to HTTPS by default.

From: Tobias Geerinckx-Rice
Subject: bug#37348: [PATCH] hydra: berlin: Redirect HTTP to HTTPS by default.
Date: Wed, 03 Nov 2021 02:06:31 +0100


Tobias Geerinckx-Rice via Bug reports for GNU Guix 写道:
This is a conservative patch: it only redirects guix.gnu.org and
issues.guix.gnu.org, the most (potential-)user-facing sites, to HTTPS.

CI should probably remain reachable over HTTP indefinitely.

Subprojects like GWL, friends like Bootstrappable, and anything else
retain ‘user choice’, until they opt in.

The current situation is actually more horked than that:

 ~ λ curl -LI https://gnu.org
 HTTP/1.1 301 Moved Permanently
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

This is a great security policy! It also announces to the modern world that *all* HTTP connections to *any* subdomain of gnu.org should be silently upgraded to HTTPS.

If your UA honours this header and has ever visited gnu.org, visiting http://ci.guix.gnu.org should not be possible. It will immediately upgrade to HTTPS. Certificate errors can no longer be bypassed. guix.gnu.org cannot relax this policy.

Now, for some reason, current Firefox doesn't seem to do any of this (compatibility?) but it may only be a matter of time.

Kind regards,


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]