[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-help-public] [sr #108126] Savannah web site is only partially
From: |
Francesco Poli |
Subject: |
[Savannah-help-public] [sr #108126] Savannah web site is only partially encrypted (https) |
Date: |
Sun, 09 Sep 2012 12:57:18 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.7) Gecko/20100101 Firefox/10.0.7 Iceweasel/10.0.7 |
URL:
<http://savannah.gnu.org/support/?108126>
Summary: Savannah web site is only partially encrypted
(https)
Project: Savannah Administration
Submitted by: frx
Submitted on: Sun 09 Sep 2012 02:57:17 PM CEST
Category: Savannah website
Priority: 5 - Normal
Severity: 6 - Security
Status: None
Assigned to: None
Originator Email:
Operating System: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
Hello,
navigating https://savannah.gnu.org/ is and has been rather annoying for a
number of months.
At each single page load, my browser (Iceweasel on Debian GNU/Linux) warns me
that the web site is only partially encrypted. I want to see that warning,
since I want to know what's going on, so disabling the warning is no
solution.
Moreover, this is not only annoying, but also a security issue, since the
browser, once it sees that the page is only partially encrypted, no longer
guarantees that all the connection is correctly encrypted. Hence, it seems to
me that there's no way to be sure that, e.g., the password I am entering while
logging in is not sent in clear text.
I would like to see Savannah fixed: I think that the problem is the banner
image which is directly taken from an external web site:
http://static.fsf.org/fsforg/img/thin-image.png
But it's possible that other similar issues exist.
Please substitute any external image with a local copy, sent to the browser
through the SSL/TLS encrypted connection. Then please check that the HTTPS
navigation works properly.
Thanks for your time.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?108126>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [Savannah-help-public] [sr #108126] Savannah web site is only partially encrypted (https),
Francesco Poli <=