Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 768003 - redirect http://www.gentoo.org to TLS version of site
Summary: redirect http://www.gentoo.org to TLS version of site
Status: RESOLVED FIXED
Alias: None
Product: Websites
Classification: Unclassified
Component: Gentoo Website (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Infrastructure
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-30 15:39 UTC by Christopher Smith
Modified: 2021-02-01 07:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Smith 2021-01-30 15:39:40 UTC 
http://www.gentoo.org does not redirect to a secure TLS connection.  All http connections should redirect to https.
Comment 1 Alec Warner (RETIRED) archtester gentoo-dev Security 2021-01-31 00:32:32 UTC 
Robin is there some reason we do not have this set up, or is it safe to enable?

-A
Comment 2 Alec Warner (RETIRED) archtester gentoo-dev Security 2021-01-31 00:33:13 UTC 
(In reply to Christopher Smith from comment #0)
> http://www.gentoo.org does not redirect to a secure TLS connection.  All
> http connections should redirect to https.

"All http connections should redirect to https" is not a premise I agree with, but we should have some reason for not turning it on ;)

-A
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2021-02-01 07:45:39 UTC 
obsolete legacy reasons around old media lacking CAs & newer TLS, which I feel we should be well enough rid of by now. Anybody stuck bootstrapping ancient systems can run a local non-https mirror to use.

Change pushed to puppet, should deploy in the next hour, and thereafter the CDN may take up to a day to expire the old cached result