Re: people.debian.org will move from ravel to paradis and become HTTPS only

To: debian-devel@lists.debian.org
Cc: debian-admin@lists.debian.org
Subject: Re: people.debian.org will move from ravel to paradis and become HTTPS only
From: The Wanderer <wanderer@fastmail.fm>
Date: Sun, 20 Jul 2014 15:19:36 -0400
Message-id: <[🔎] 53CC1648.10603@fastmail.fm>
In-reply-to: <[🔎] 3393543.bD2t4UQqmO@grep.be>
References: <20140713201310.GA27144@ftbfs.de> <[🔎] 4187590.a2xDFsNMJL@grep.be> <[🔎] 20140720161914.GN626@anguilla.noreply.org> <[🔎] 3393543.bD2t4UQqmO@grep.be>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/20/2014 03:08 PM, Wouter Verhelst wrote:

> Op zondag 20 juli 2014 18:19:14 schreef Peter Palfrader:

>> None of these brings people who type in people.debian.org into
>> their browser to https.
> 
> If they type it in because they want to avoid HTTPS for whatever
> local reason, then that's a feature, not a bug.
> 
> If they type it in because they were given a HTTP URL rather than a
> HTTPS one by someone else, then you should cluebat that someone else.

What if they don't type in any protocol, but just type in the server
name? That's very common among people who are less technically inclined
(and who bother to type URLs at all), and even among those who are more
so, ever since the day browsers first implemented the necessary smarts
to let it work in the first place.

Most browsers, and for that matter other HTTP clients, will default to
trying HTTP - not HTTPS - if given a URL that doesn't specify any
protocol. I'm anal-retentive about typing the full URL (including
protocol) manually when not just clicking on a link, as a matter of
standing on principle, and even I just accept that default sometimes.

Changing that default, without forcing HTTPS in the way which people in
this thread are objecting to, would seem to require changing all of
those clients - a much, much bigger proposition than the administrators
of any one server can practically tackle.

- --
   The Wanderer

Secrecy is the beginning of tyranny.

A government exists to serve its citizens, not to control them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCgAGBQJTzBZIAAoJEASpNY00KDJrlvkP/AytcRxckyGfR1qRu92Tto9F
fkQKeUisziYe2/hTwlhXAwBp5wSZryXBJWMyyQSgwxm31EXvLrKg8DWlVc0l+CKm
GSE1sFW1RjB8iaSZ7Joy0M+nu2rS7W+NMlTPIbeJ8QzGBqYb+QyhTHchJyIw1NmR
j+1HsUWJwU69xEOvsk3Goev3OYe6xGGVwOqjYj2f3x7O2C063qi8YhvvsL6oXqgC
2JBZWsXLUDtfrHUZ4c2agkv6hjxZqIuWZkydcsRmHlUKqO9yqOjgMSr6bWNhjqlz
ASpvuFpmA63xhqQ3NOVgoGQrwrPft/Lx6JGbgLmu/KSBPfH5GEzLipsJJjBtUo9+
122kjba+gEXy+CNHU4Fny9+ZuxlMNqsDyeDqVDLMP76PdlWOw3F2ramYhgiPHsHm
NyRNva8aQbsoH0B9Z9RsdbD3TbtNjL7fDerZ3dQEnPuwR9Xt451V/ATk77TuaSpI
IIOvNRZDSG3fX6KZ41g/GyvJHyjaJ8r+5sUcbco042btymbCKjxTHEyWjB1f8ZGj
GTndBcbgXn2hMKA/qMIDk+V+HJC+gdm4nx0h/ARRS856V9Fx7YQbSNz334q3ctqY
MjIdIzNLkJif1g6FNdEhAhPYl5F7j4aywHEcwh9FQbt4pGXzuwa7fDTrznmCs0gT
gPn4CIcCyRjzNrUWhSC9
=JiyN
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Wouter Verhelst <w@uter.be>
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Peter Palfrader <weasel@debian.org>
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Wouter Verhelst <w@uter.be>

Prev by Date: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Next by Date: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Previous by thread: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Next by thread: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Index(es):
- Date
- Thread