[exim-dev] https://git.exim.org -- mandate?

Página Inicial
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
Para: Exim Developers
Assunto: [exim-dev] https://git.exim.org -- mandate?
Since Monday morning, we've had https://git.exim.org available.
http://git.exim.org is still available.

Does anyone have strong opinions over whether or not http://git should
force-redirect to https://git ?

For FTP site contents, it doesn't make much sense, since ftp:// remains
available and all retrievable code objects have signatures.

For git ... as far as I know, we don't have cloneable resources
available over http/https, so there's no repo breakage to risk. We also
don't currently have authenticated access and so the risk of private
repo access. So there's nothing too significant to risk.

But on the principle of "encrypted by default", we could do it, and
perhaps set some HTTP security headers.

Any opinions from those involved in dev?

-Phil