On Dec 23, 2014 10:22 PM, "Paul Wise" <pabs@debian.org> wrote:
> I think it would be better to link to https only because debian.org
> services redirect all sites to https (except www.d.o but that uses a
> HSTS/CSS trick to redirect to https).
I disagree.
Debsources itself isn't something that specifically warrants https-only access, so we should enable the amin deploying the code to make that choice for herself. Using scheme-relative URLs enables that choice.
Debian has chosen to use https, so our instance of the service can be configured at the httpd level to only allow https access.
Cheers,
James