On Sun, 2016-03-06 at 19:19 +0000, Bas Wijnen wrote: > On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: > > > > So, what we're going to do about it? I see the following options: > > > > B) Fix the spec to allow the HTTPS URL; fix the HTTP-only consumers. > That. Https is good for our users. Even if the effect of this change is very > minor, we should show them that it should be the default everywhere. The use of the 'http:' scheme in a format identifier has nothing to do with the protocol used to find information about the format. You might as well advocate for changing the URLs used to identify XML namespaces to use the 'https:' scheme, and with the same effects on compatibility (negative) and security (none whatsoever). Ben. -- Ben Hutchings When in doubt, use brute force. - Ken Thompson
Attachment:
signature.asc
Description: This is a digitally signed message part