repo-criteria-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS


From: Juuso Lapinlampi
Subject: Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS
Date: Mon, 10 Oct 2016 14:37:20 +0000

On Mon, Oct 10, 2016 at 11:12:00AM +0000, Michal Grochmal wrote:
> As far as I am aware, that is the philosophy of the FSF: always give the
> user the choice, do not limit the user in anyway.  Even more if we are
> limiting the user because of security reasons.
> 
> Although I would in several occasions perform the HTTP->HTTPS redirect
> because it is a consensus of the information security community and
> because I want to protect unknowing users, I'm completely against this
> being implemented by the FSF.  This is because it goes against the FSF
> philosophy of empowering the user.

If permanent redirects are not okay in your opinion, do you have an
opinion on Upgrade-Insecure-Requests? It relies on the user explicitly
requesting to use "secure" requests only (HTTPS), but some browsers
(e.g. Chromium) do this by default.

See my previous message on this list for further explanation. [1]

[1]: 
https://lists.gnu.org/archive/html/repo-criteria-discuss/2016-10/msg00005.html



reply via email to

[Prev in Thread] Current Thread [Next in Thread]