http://www.gentoo.org does not redirect to a secure TLS connection. All http connections should redirect to https.
Robin is there some reason we do not have this set up, or is it safe to enable? -A
(In reply to Christopher Smith from comment #0) > http://www.gentoo.org does not redirect to a secure TLS connection. All > http connections should redirect to https. "All http connections should redirect to https" is not a premise I agree with, but we should have some reason for not turning it on ;) -A
obsolete legacy reasons around old media lacking CAs & newer TLS, which I feel we should be well enough rid of by now. Anybody stuck bootstrapping ancient systems can run a local non-https mirror to use. Change pushed to puppet, should deploy in the next hour, and thereafter the CDN may take up to a day to expire the old cached result