On Sun, Jul 20, 2014 at 06:19:14PM +0200, Peter Palfrader wrote: > None of these brings people who type in people.debian.org into their > browser to https. Right. AFAICT the only technical change that will do that (sanely) is an HTTP-level redirection from http://(.*) to https://$1 . Having that enabled by default, plus a way for DDs to opt-out to the redirection (dunno, by dropping .no-https-by-default files in suitable sub-directories of ~/public_html) would nicely address the few objections I've seen in this thread. FWIW: - it's not entirely clear how much extra work implementing this would require. In particular, I haven't put much thought in an easy way to implement the directory-level opt-out. - I *personally* don't mind having https only, quite the contrary! But I got hooked by the discussions and couldn't resist proposing an API :) (sorry) Cheers. -- Stefano Zacchiroli . . . . . . . zack@upsilon.cc . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Former Debian Project Leader . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club »
Attachment:
signature.asc
Description: Digital signature