Re: people.debian.org will move from ravel to paradis and become HTTPS only
On Sunday 20 July 2014 13:52:20, Peter Palfrader wrote:
> On Sun, 20 Jul 2014, Wouter Verhelst wrote:
> > These are all good arguments for enabling HTTPS and making it the
> > default (which I've said repeatedly is a move that I support, or at the
> > very least don't oppose), but not for *disabling* the possibility of
> > plain HTTP.
>
> Pray tell: How do you make it default.

- Enable HSTS on the domain
- Run "sed -i -e 's,http://people.debian.org,https://people.debian.org,g'"
  over a webwml export.
- Create a robots.txt file which is visible from the HTTP export (but
  not from the HTTPS one) which looks like this:

    User-Agent: *
    Disallow: /

With those three easy steps, the only URLs that people will ever find
will be HTTPS URLs. 99% of your traffic will be HTTPS traffic, and that
will be a good thing. Yet when necessary, doing unencrypted HTTP will
still be possible.

It still misses something like step 2 for wiki.debian.org and "all other
stuff out there", but because of step 1 that shouldn't be *too* much of
a problem.

This will also help in, say, the (granted, hypothetical) scenario where
a package in unstable breaks the system so badly that downloading files
over HTTPS is no longer possible and a maintainer wants to post a
(GPG-signed) patch over on http://people.debian.org
--
It is easy to love a country that is famous for chocolate and beer
-- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
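
Added example, not part of the original message and not Debian's actual configuration: a small Python WSGI sketch of the three steps listed above, with a link rewriter for step 2 that escapes the dots and checks the host boundary, which the quoted sed pattern does not. The max-age value, the 404 on the HTTPS side and all function names are assumptions made for illustration.

```python
import re

HOST = "people.debian.org"
# Assumed policy value (one year); the message names no max-age.
HSTS = ("Strict-Transport-Security", "max-age=31536000")
ROBOTS_HTTP = b"User-Agent: *\nDisallow: /\n"

# Step 2: dots are escaped and the host must not continue with another
# label, so look-alike hosts are left untouched.
_LINK = re.compile(r"http://" + re.escape(HOST) + r"(?![\w.-])")

def rewrite_links(text):
    """Rewrite plain-HTTP links to HOST into HTTPS links."""
    return _LINK.sub("https://" + HOST, text)

def app(environ, start_response):
    """WSGI app for steps 1 and 3, keyed on the scheme of the request."""
    scheme = environ.get("wsgi.url_scheme", "http")
    path = environ.get("PATH_INFO", "/")
    headers = [("Content-Type", "text/plain")]
    if scheme == "https":
        # Step 1. RFC 6797: user agents ignore HSTS received over plain
        # HTTP, so the header is only sent on the HTTPS side.
        headers.append(HSTS)
    if path == "/robots.txt":
        if scheme == "http":
            # Step 3: crawlers are told to stay away from the HTTP export.
            start_response("200 OK", headers)
            return [ROBOTS_HTTP]
        start_response("404 Not Found", headers)
        return [b"no robots.txt on the HTTPS side\n"]
    start_response("200 OK", headers)
    return [b"content served over " + scheme.encode() + b"\n"]

def fetch(scheme, path):
    """Call the app in-process with a constructed WSGI environ."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    env = {"wsgi.url_scheme": scheme, "PATH_INFO": path}
    body = b"".join(app(env, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    # Constructed sample link, not taken from a real page.
    print(rewrite_links('<a href="http://people.debian.org/~user/x.patch">'))
    print(fetch("http", "/robots.txt"))
    print(fetch("https", "/robots.txt"))
```
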