Since Monday morning, we've had https://git.exim.org available.
http://git.exim.org is still available.
Does anyone have strong opinions over whether or not http://git should
force-redirect to https://git ?
For FTP site contents, it doesn't make much sense, since ftp:// remains
available and all retrievable code objects have signatures.
For git ... as far as I know, we don't have cloneable resources
available over http/https, so there's no repo breakage to risk. We also
don't currently have authenticated access and so the risk of private
repo access. So there's nothing too significant to risk.
But on the principle of "encrypted by default", we could do it, and
perhaps set some HTTP security headers.
Any opinions from those involved in dev?
-Phil