[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS
|
From: |
Juuso Lapinlampi |
|
Subject: |
Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS |
|
Date: |
Mon, 10 Oct 2016 14:37:20 +0000 |
On Mon, Oct 10, 2016 at 11:12:00AM +0000, Michal Grochmal wrote:
> As far as I am aware, that is the philosophy of the FSF: always give the
> user the choice, do not limit the user in anyway. Even more if we are
> limiting the user because of security reasons.
>
> Although I would in several occasions perform the HTTP->HTTPS redirect
> because it is a consensus of the information security community and
> because I want to protect unknowing users, I'm completely against this
> being implemented by the FSF. This is because it goes against the FSF
> philosophy of empowering the user.
If permanent redirects are not okay in your opinion, do you have an
opinion on Upgrade-Insecure-Requests? It relies on the user explicitly
requesting to use "secure" requests only (HTTPS), but some browsers
(e.g. Chromium) do this by default.
See my previous message on this list for further explanation. [1]
[1]:
https://lists.gnu.org/archive/html/repo-criteria-discuss/2016-10/msg00005.html
- Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS, Mike Gerwitz, 2016/10/07
- Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS, Richard Stallman, 2016/10/10
- Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS, Hanno Böck, 2016/10/10
- Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS, Michal Grochmal, 2016/10/10
- Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS,
Juuso Lapinlampi <=
- Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS, Mike Gerwitz, 2016/10/10
Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS, Paul Smith, 2016/10/10