Bug#824514: Please enable HSTS preloading

To: Josh Triplett <josh@joshtriplett.org>, 824514@bugs.debian.org
Subject: Bug#824514: Please enable HSTS preloading
From: Paul Wise <pabs@debian.org>
Date: Tue, 17 May 2016 15:44:36 +0800
Message-id: <[🔎] CAKTje6HSpNjYo+ENPfDQOkbG-KDKR=6_WZEgjrOXm0XZdaoYdQ@mail.gmail.com>
Reply-to: Paul Wise <pabs@debian.org>, 824514@bugs.debian.org
In-reply-to: <[🔎] 146344041845.3729.11447821772235385414.reportbug@jtriplet-mobl2.jf.intel.com>
References: <[🔎] 146344041845.3729.11447821772235385414.reportbug@jtriplet-mobl2.jf.intel.com>

On Tue, May 17, 2016 at 7:13 AM, Josh Triplett wrote:

> https://www.debian.org/ (and other Debian sites) serve a
> Strict-Transport-Security header to enable HSTS.  Please consider
> enabling preloading as well; see https://hstspreload.appspot.com/

Unfortunately we can't do that because they only allow top-level
domains to be preloaded and not all debian.org subdomains support
https (and some never will, like nossl.people.debian.org). If that
requirement were to be relaxed then we could get added to the preload
list.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

References:
- Bug#824514: Please enable HSTS preloading
  - From: Josh Triplett <josh@joshtriplett.org>

Prev by Date: Bug#824514: Please enable HSTS preloading
Next by Date: Re-design your website for more visitor and a new look
Previous by thread: Bug#824514: Please enable HSTS preloading
Next by thread: Re-design your website for more visitor and a new look
Index(es):
- Date
- Thread