From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 09 02:47:51 2019 Received: (at 37348) by debbugs.gnu.org; 9 Sep 2019 06:47:51 +0000 Received: from localhost ([127.0.0.1]:39480 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7DSp-0001b7-54 for submit@debbugs.gnu.org; Mon, 09 Sep 2019 02:47:51 -0400 Received: from mira.cbaines.net ([212.71.252.8]:55432) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7DSn-0001aw-IB for 37348@debbugs.gnu.org; Mon, 09 Sep 2019 02:47:50 -0400 Received: from localhost (cpc102582-walt20-2-0-cust14.13-2.cable.virginm.net [86.27.34.15]) by mira.cbaines.net (Postfix) with ESMTPSA id 26C101734B for <37348@debbugs.gnu.org>; Mon, 9 Sep 2019 07:47:48 +0100 (BST) Received: from capella (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id a5c9821a for <37348@debbugs.gnu.org>; Mon, 9 Sep 2019 06:47:46 +0000 (UTC) References: <8736h643ke.fsf@rekahsoft.ca> User-agent: mu4e 1.2.0; emacs 26.3 From: Christopher Baines To: 37348@debbugs.gnu.org Subject: Re: bug#37348: Force https redirect missing from ci, workflow and workflows guix.info sub-domains In-reply-to: <8736h643ke.fsf@rekahsoft.ca> Date: Mon, 09 Sep 2019 07:47:44 +0100 Message-ID: <87h85mney7.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 37348 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Collin J. Doering writes: > Not sure where the best place to report this, however today I noticed > that ci.guix.info, workflow.guix.info and workflows.guix.info do not > redirect http to https, though its also served over https. I'm unsure if this is intentional, or something to change. There are security advantages to forcing all users to use HTTPS, with the disadvantage that some of those users might not want to use HTTPS. I'm not sure whether the need for security on those domains is high enough to justify not supporting plain HTTP... --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl119ZBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XeZnA//ectCSQ1pUy55pWjXxYfvfhNXYqvz79Vh0si0LJCpF3UhuVZZjq8j3D67 VSSMsT+9iqThmhrWu4Vl5dzJ9//jYZiGivgl4+ZF2b95BjT8FCT7+zA3xvwlNZ/A /UPkxMLlO/3DTW3sB3Fx6wwr9zDOCBojAK5jxPa/hcuVbhGrzTK0m/tfLWJqjiaI MjbxGqvroPTrKSZ8AekkeqYxsgvO9LsTqaSK1iGgaq42tf7+E67UHEvSLUE8gkn7 IpSK5hpQpdOqrYLCRpWqwW2bPqwro6Qbxrlp3nSlDjQtyAPH9oylk7AbnVEvEaiu W9FimoCdsSLi8jChdY+xrIfN2GBlLJkFR6J90k2MiI5R/ojBq5DUzxQxQdd4JZ+B ausRpy2o07hCWdVMQiRl1/B70ZxhCld9NC+tbebC9hcbKncscRopQSWzCPW6MnP7 Cg1j9GWSQQB2QTkp7Red7C8N1wE9TFpAkDWQEjJSHBv31/D0aXvqksu2Uf3RPFRQ ua7CyqxdrNPec8U9jhSc/Kl/RF2WJAh0lDb67/5TWtBlLhPP49ZCOQDrwAL9c+QH CYTyG++kOxbHmsZNRcUjXxM8LQXewqeLBrMaLe8U2gHwlyylhvC1hJ9B4+rz9pmh dpCf9iiS8GawrpVnKTJTa46Omv9/V8ZdHXBFtYWb+Ac6VVSkpBs= =OBPk -----END PGP SIGNATURE----- --=-=-=--