Bug#849514: lintian: Add homepage-uses-insecure-uri tag (HTTP uri in Homepage field)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#849514: lintian: Add homepage-uses-insecure-uri tag (HTTP uri in Homepage field)
From: Emanuel Bronshtein <e3amn2l@gmx.com>
Date: Wed, 28 Dec 2016 04:55:24 +0200
Message-id: <[🔎] 20161228025524.8512.45962.reportbug@emanuel-VirtualBox>
Reply-to: Emanuel Bronshtein <e3amn2l@gmx.com>, 849514@bugs.debian.org

Package: lintian
Severity: wishlist

Dear Maintainer,

Homepage field can point to HTTP uri, for example (from: https://sources.debian.net/src/libreoffice/1:5.2.4-2/debian/control/?hl=191#L191):
	Homepage: http://www.libreoffice.org
while HTTPS is available for the domain: https://www.libreoffice.org

The tag will be useful even for homepages that currently don't support HTTPS, as HTTPS becoming the standard for the entire web (HTTP 2 require TLS)
also some browsers are working on deprecating HTTP:
'Deprecating Non-Secure HTTP' https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
'Marking HTTP As Non-Secure'  https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
it will (hopefully) encourage upstream to support HTTPS for their website.

it looks like at least 1500 packages are affected by this:
https://codesearch.debian.net/search?q=Homepage%3A+http%3A%2F%2F+path%3Adebian%2F

Reply to:

Follow-Ups:
- Bug#849514: lintian: Add homepage-uses-insecure-uri tag (HTTP uri in Homepage field)
  - From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>

Prev by Date: Bug#849470: lintian: False positive missing-source: to long line (not minified)
Next by Date: Bug#849515: Add debian-watch-uses-insecure-uri tag (HTTP usage instead of HTTPS)
Previous by thread: Processed: Re: [lintian] Won't fix
Next by thread: Bug#849514: lintian: Add homepage-uses-insecure-uri tag (HTTP uri in Homepage field)
Index(es):
- Date
- Thread