[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: people.debian.org will move from ravel to paradis and become HTTPS only

On Mon, 21 Jul 2014, Jakub Wilk wrote:

> * Peter Palfrader <weasel@debian.org>, 2014-07-20, 12:07:
> >we have been moving towards https for most services over the last
> >12 months.
> Is that intentional that the http->https redirect for bugs.d.o is
> only temporary (302)? Should we update devscripts and
> python-debianbts to use HTTPS for accessing this host?

302 often is the default, and at least when changing configs it's a lot
more forgiving to mistakes than 301.  And then nobody changes it.  We
probably have a zoo of 301 and 302s all over.

It's not entirely clear which host you mean by "this", but if it's bugs
then I'd say yes.  If it's something else that sends HSTS headers, then
also yes.  If it's something else entirely, ask again?

> Do you plan to enable HTTPS on incoming.d.o and lintian.d.o?

Lintian is now done.  We haven't thought about incoming.debian.org yet -
it seems a bit of a strange thing anyway.  Who uses that right now, with
no obvious means at all to verify the authenticity of binary packages?

                           |  .''`.       ** Debian **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

Reply to: