
Re: [Debconf-team] broken links and unauthenticated content in https://penta.debconf.org/



On 05/05/2010 06:11 AM, Holger Levsen wrote:
> On Wednesday, 5 May 2010, Daniel Kahn Gillmor wrote:
>> 1) the "DebConf resources" link on the front page points to
>> https://penta.debconf.org/resources.shtml, which is a 404 Not Found.
>> Maybe it's supposed to be https://www.debconf.org/resources.shtml ?
> 
> fixed

wow, that was fast, thanks!

>> 2) https://penta.debconf.org/ contains a bunch of images served in the
>> clear from http://www.debconf.org/.  This is considered a data leak by
>> most browsers, and they will usually show a "broken lock" icon.
>>
>> Standard practices for https web sites would have all the embedded
>> content served via https instead of http.  The simplest way to "fix" the
>> broken lock would probably be to replace all those img src's with
>> https:// instead of http:// (since www.debconf.org is also offered via
>> https).
> 
> The problem is in the stylesheet 

hrm.  the stylesheet itself is loaded from http://www.debconf.org/,
which would cause a "broken lock", and there are at least two img
elements on that page (the navigation icons to the upper-right of the
content area) that are src'ed from http://www.debconf.org.

> and doesn't show up in konqueror, so I left 
> this as it is, at least for now.

This might indicate a bug in konqueror, then.  It should not represent
web sites that pull data over cleartext connections as having been
fetched via an encrypted channel.  I'll look into it.

	--dkg

Attachment: signature.asc
Description: OpenPGP digital signature
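
The check discussed in this message (an https page pulling its stylesheet and images over http) can be automated. The sketch below is an added example, not part of the original message or of any DebConf tooling. It lists the cleartext subresources of an HTML page and resolves `url(...)` references in a stylesheet against the URL the stylesheet was loaded from. The sample markup and file names are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# Attributes that make a browser fetch a subresource (plain <a href> does not).
FETCHING = {("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href")}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.IGNORECASE)

def scan_css(base_url, css_text):
    """Cleartext URLs referenced by url(...) in CSS that was loaded from base_url."""
    refs = (urljoin(base_url, ref) for ref in CSS_URL.findall(css_text))
    return [u for u in refs if urlsplit(u).scheme == "http"]

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._in_style = page_url, [], False

    def handle_starttag(self, tag, attrs):
        attrs = {k: v or "" for k, v in attrs}
        self._in_style = tag == "style"
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower():
            return  # other <link> relations are out of scope for this example
        for name, value in attrs.items():
            if (tag, name) in FETCHING:
                url = urljoin(self.page_url, value)  # relative refs inherit the page scheme
                if urlsplit(url).scheme == "http":
                    self.findings.append((tag, url))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # inline <style> blocks resolve against the page URL
            self.findings += [("style", u) for u in scan_css(self.page_url, data)]

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample; the file names are placeholders, not the site's real paths.
SAMPLE = """<head><link rel="stylesheet" href="http://www.debconf.org/example.css">
<style>body { background: url(http://www.debconf.org/example-bg.png) }</style></head>
<body><img src="http://www.debconf.org/example-icon.png"><img src="/local.png">
<a href="http://www.debconf.org/">home</a></body>"""

if __name__ == "__main__":
    print(*find_mixed_content("https://penta.debconf.org/", SAMPLE), sep="\n")
```

A stylesheet fetched over http needs its own pass with `scan_css`, since every relative `url(...)` inside it is then also fetched in the clear.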