[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#849514: lintian: Add homepage-uses-insecure-uri tag (HTTP uri in Homepage field)



Package: lintian
Severity: wishlist

Dear Maintainer,

Homepage field can point to HTTP uri, for example (from: https://sources.debian.net/src/libreoffice/1:5.2.4-2/debian/control/?hl=191#L191):
	Homepage: http://www.libreoffice.org
while HTTPS is available for the domain: https://www.libreoffice.org

The tag will be useful even for homepages that currently don't support HTTPS, as HTTPS becoming the standard for the entire web (HTTP 2 require TLS)
also some browsers are working on deprecating HTTP:
'Deprecating Non-Secure HTTP' https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
'Marking HTTP As Non-Secure'  https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
it will (hopefully) encourage upstream to support HTTPS for their website.

it looks like at least 1500 packages are affected by this:
https://codesearch.debian.net/search?q=Homepage%3A+http%3A%2F%2F+path%3Adebian%2F


Reply to: