savannah-hackers-public
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS


From: Richard Stallman
Subject: Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS
Date: Mon, 10 Oct 2016 05:00:52 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > In the case of Savannah, if the user loads the page over HTTPS, they
  > will be served the login form over HTTPS.  That's good, but a redirect
  > should still otherwise happen.

I don't understand what you mean here.  Would you please state your
proposal concretely in a self-contained way?

However, that should be a separate discussion.  The question at hand
is to make Savannah _fully support HTTPS_, nothing more.

  > Richard: unless there's a compelling reason not to, I think the
  > sysadmins or Savannah hackers (whomever has the ablity) should just add
  > a webserver rule to redirect all requests on port 80 to 443.

Would this, by itself, fix the immediate problem?

  >   For
  > example, if the login form was loaded over HTTPS, but accidentally posts
  > to an HTTP link,

Please spell out that scenario more clearly; I do not follow you.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]