From: Tobias Geerinckx-Rice via Bug reports for GNU Guix <bug-guix@gnu.org>
Cc: 37348@debbugs.gnu.org
Subject: bug#37348: [PATCH] hydra: berlin: Redirect HTTP to HTTPS by default.
Date: Wed, 03 Nov 2021 02:06:31 +0100 [thread overview]
Message-ID: <87ilxam46w.fsf@nckx> (raw)
In-Reply-To: <20211102160950.20467-1-me@tobias.gr>
[-- Attachment #1: Type: text/plain, Size: 1208 bytes --]
Damn,
Tobias Geerinckx-Rice via Bug reports for GNU Guix 写道:
> This is a conservative patch: it only redirects guix.gnu.org and
> issues.guix.gnu.org, the most (potential-)user-facing sites, to
> HTTPS.
>
> CI should probably remain reachable over HTTP indefinitely.
>
> Subprojects like GWL, friends like Bootstrappable, and anything
> else
> retain ‘user choice’, until they opt in.
The current situation is actually more horked than that:
~ λ curl -LI https://gnu.org
HTTP/1.1 301 Moved Permanently
[…]
Strict-Transport-Security: max-age=63072000; includeSubDomains;
preload
This is a great security policy! It also announces to the modern
world that *all* HTTP connections to *any* subdomain of gnu.org
should be silently upgraded to HTTPS.
If your UA honours this header and has ever visited gnu.org,
visiting http://ci.guix.gnu.org should not be possible. It will
immediately upgrade to HTTPS. Certificate errors can no longer be
bypassed. guix.gnu.org cannot relax this policy.
Now, for some reason, current Firefox doesn't seem to do any of
this (compatibility?) but it may only be a matter of time.
Kind regards,
T G-R
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]
next prev parent reply other threads:[~2021-11-03 1:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-09 2:16 bug#37348: Force https redirect missing from ci, workflow and workflows guix.info sub-domains Collin J. Doering
2019-09-09 6:47 ` Christopher Baines
2021-11-02 16:09 ` bug#37348: [PATCH] hydra: berlin: Redirect HTTP to HTTPS by default Tobias Geerinckx-Rice via Bug reports for GNU Guix
2021-11-03 1:06 ` Tobias Geerinckx-Rice via Bug reports for GNU Guix [this message]
2021-11-03 1:18 ` Tobias Geerinckx-Rice via Bug reports for GNU Guix
2021-11-19 16:03 ` Tobias Geerinckx-Rice via Bug reports for GNU Guix
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ilxam46w.fsf@nckx \
--to=bug-guix@gnu.org \
--cc=37348@debbugs.gnu.org \
--cc=me@tobias.gr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).