[exim-dev] https://git.exim.org -- mandate?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Phil Pennock
Datum:  
To: Exim Developers
Betreff: [exim-dev] https://git.exim.org -- mandate?
Since Monday morning, we've had https://git.exim.org available.
http://git.exim.org is still available.

Does anyone have strong opinions over whether or not http://git should
force-redirect to https://git ?

For FTP site contents, it doesn't make much sense, since ftp:// remains
available and all retrievable code objects have signatures.

For git ... as far as I know, we don't have cloneable resources
available over http/https, so there's no repo breakage to risk. We also
don't currently have authenticated access and so the risk of private
repo access. So there's nothing too significant to risk.

But on the principle of "encrypted by default", we could do it, and
perhaps set some HTTP security headers.

Any opinions from those involved in dev?

-Phil