bug#56512: gnu.org does not redirect http to https

bug#56512: gnu.org does not redirect http to https

[Ronak B]

[-- Attachment #1: Type: text/plain, Size: 1006 bytes --]

Hi, I noticed today when I typed "man cat" and clicked on the "http://"
link in the man page that it did not redirect my browser from http to https.

$ curl -I http://www.gnu.org/software/coreutils/
HTTP/1.1 200 OK
Date: Tue, 12 Jul 2022 00:42:26 GMT
Server: Apache/2.4.29
Content-Location: coreutils.html
Vary: negotiate,Accept-Encoding
TCN: choice
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: (null)
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Tue, 12 Jul 2022 00:42:26 GMT
Content-Type: text/html
Content-Language: en

I also noticed this previous recent issue where this was resolved using an
nginx redirect from port 80 to 443 for *.guix.info

https://issues.guix.gnu.org/37348

Could we do this for all *.gnu.org too ?

After the domain and all of its subdomains are on HTTPS, then gnu.org can
also be added to the HSTS preload list.

https://hstspreload.org/

Best,
Ronak

[-- Attachment #2: Type: text/html, Size: 1540 bytes --]

bug#56512: gnu.org does not redirect http to https

[Julien Lepiller]

[-- Attachment #1: Type: text/plain, Size: 1304 bytes --]

Hi Ronak,

Guix does not control the infrastructure behind the GNU project. You need to contact the GNU sysadmins, though I don't know how :)

Le 12 juillet 2022 02:45:38 GMT+02:00, Ronak B <ronakworks@gmail.com> a écrit :
>Hi, I noticed today when I typed "man cat" and clicked on the "http://"
>link in the man page that it did not redirect my browser from http to https.
>
>$ curl -I http://www.gnu.org/software/coreutils/
>HTTP/1.1 200 OK
>Date: Tue, 12 Jul 2022 00:42:26 GMT
>Server: Apache/2.4.29
>Content-Location: coreutils.html
>Vary: negotiate,Accept-Encoding
>TCN: choice
>Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
>X-Frame-Options: sameorigin
>X-Content-Type-Options: nosniff
>Access-Control-Allow-Origin: (null)
>Accept-Ranges: bytes
>Cache-Control: max-age=0
>Expires: Tue, 12 Jul 2022 00:42:26 GMT
>Content-Type: text/html
>Content-Language: en
>
>I also noticed this previous recent issue where this was resolved using an
>nginx redirect from port 80 to 443 for *.guix.info
>
>https://issues.guix.gnu.org/37348
>
>Could we do this for all *.gnu.org too ?
>
>After the domain and all of its subdomains are on HTTPS, then gnu.org can
>also be added to the HSTS preload list.
>
>https://hstspreload.org/
>
>Best,
>Ronak

[-- Attachment #2: Type: text/html, Size: 1976 bytes --]

bug#56512: gnu.org does not redirect http to https

[Akib Azmain Turja via Bug reports for GNU Guix]

[-- Attachment #1: Type: text/plain, Size: 844 bytes --]

Julien Lepiller <julien@lepiller.eu> writes:

> Guix does not control the infrastructure behind the GNU project. You need to contact the GNU sysadmins, though I don't know how :)

Check out <https://www.gnu.org/contact/>, it contains some information
that might be interesting to you.

Quoting from that page:

> Security reports 
> for gnu.org or one of its subdomains
> 
> * If you have GnuPG setup, send encrypted email the FSF Executive
>   Director, Deputy Director, Web Developer, and Senior Sysadmins
>   listed on our Staff and Board page.
> * If you don't have GnuPG setup, write to <sysadmin@gnu.org>.

And obviously, there is Richard Stallman <rms@gnu.org>.

-- 
Akib Azmain Turja

This message is signed by me with my GnuPG key.  It's fingerprint is:

    7001 8CE5 819F 17A3 BBA6  66AF E74F 0EFA 922A E7F5

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

bug#56512: gnu.org does not redirect http to https

[Ronak B]

[-- Attachment #1: Type: text/plain, Size: 1255 bytes --]

Thank you for the quick replies. Ok I will email the GNU project with
regard to the lack of a redirect.

I think we should change the man doc at least in all coreutils to use https
in the links instead of http.

Can we repurpose this ticket for that work or should we create a separate
ticket to update the man docs?

On Tue, Jul 12, 2022, 6:05 AM Akib Azmain Turja <akib@disroot.org> wrote:

> Julien Lepiller <julien@lepiller.eu> writes:
>
> > Guix does not control the infrastructure behind the GNU project. You
> need to contact the GNU sysadmins, though I don't know how :)
>
> Check out <https://www.gnu.org/contact/>, it contains some information
> that might be interesting to you.
>
> Quoting from that page:
>
> > Security reports
> > for gnu.org or one of its subdomains
> >
> > * If you have GnuPG setup, send encrypted email the FSF Executive
> >   Director, Deputy Director, Web Developer, and Senior Sysadmins
> >   listed on our Staff and Board page.
> > * If you don't have GnuPG setup, write to <sysadmin@gnu.org>.
>
> And obviously, there is Richard Stallman <rms@gnu.org>.
>
> --
> Akib Azmain Turja
>
> This message is signed by me with my GnuPG key.  It's fingerprint is:
>
>     7001 8CE5 819F 17A3 BBA6  66AF E74F 0EFA 922A E7F5
>

[-- Attachment #2: Type: text/html, Size: 2160 bytes --]

bug#56512: gnu.org does not redirect http to https

[Csepp]

Ronak B <ronakworks@gmail.com> writes:

> Thank you for the quick replies. Ok I will email the GNU project with regard to the lack of a redirect.
>
> I think we should change the man doc at least in all coreutils to use https in the links instead of http. 
>
> Can we repurpose this ticket for that work or should we create a separate ticket to update the man docs?
>
> On Tue, Jul 12, 2022, 6:05 AM Akib Azmain Turja <akib@disroot.org> wrote:
>
>  Julien Lepiller <julien@lepiller.eu> writes:
>
>  > Guix does not control the infrastructure behind the GNU project. You need to contact the GNU sysadmins, though I don't know how :)
>
>  Check out <https://www.gnu.org/contact/>, it contains some information
>  that might be interesting to you.
>
>  Quoting from that page:
>
>  > Security reports 
>  > for gnu.org or one of its subdomains
>  > 
>  > * If you have GnuPG setup, send encrypted email the FSF Executive
>  >   Director, Deputy Director, Web Developer, and Senior Sysadmins
>  >   listed on our Staff and Board page.
>  > * If you don't have GnuPG setup, write to <sysadmin@gnu.org>.
>
>  And obviously, there is Richard Stallman <rms@gnu.org>.
>
>  -- 
>  Akib Azmain Turja
>
>  This message is signed by me with my GnuPG key.  It's fingerprint is:
>
>      7001 8CE5 819F 17A3 BBA6  66AF E74F 0EFA 922A E7F5

Remember that Guix now also has Tor mirrors which don't benefit from or
are hindered by HTTPS.

bug#56512: gnu.org does not redirect http to https

[Maxim Cournoyer]

retitle 56512 URLs in coreutils manuals documentation should use HTTPS
reassign 56512 coreutils
thanks

Hi Ronak,

Ronak B <ronakworks@gmail.com> writes:

> Thank you for the quick replies. Ok I will email the GNU project with
> regard to the lack of a redirect.

> I think we should change the man doc at least in all coreutils to use https in the links instead of http. 
>
> Can we repurpose this ticket for that work or should we create a separate ticket to update the man docs?

OK.  I'm re-titling the issue accordingly and reassign it to the
coreutils package, since this is where the change should be made if
accepted.

To coreutils maintainers: the suggested change would be to adjust URLs
everywhere in the documentation of coreutils to use HTTPS rather than
HTTP.

Thanks,

Maxim