Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS

repo-criteria-discuss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS

From:	Juuso Lapinlampi
Subject:	Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS
Date:	Mon, 10 Oct 2016 14:37:20 +0000

On Mon, Oct 10, 2016 at 11:12:00AM +0000, Michal Grochmal wrote:
> As far as I am aware, that is the philosophy of the FSF: always give the
> user the choice, do not limit the user in anyway.  Even more if we are
> limiting the user because of security reasons.
> 
> Although I would in several occasions perform the HTTP->HTTPS redirect
> because it is a consensus of the information security community and
> because I want to protect unknowing users, I'm completely against this
> being implemented by the FSF.  This is because it goes against the FSF
> philosophy of empowering the user.

If permanent redirects are not okay in your opinion, do you have an
opinion on Upgrade-Insecure-Requests? It relies on the user explicitly
requesting to use "secure" requests only (HTTPS), but some browsers
(e.g. Chromium) do this by default.

See my previous message on this list for further explanation. [1]

[1]: 
https://lists.gnu.org/archive/html/repo-criteria-discuss/2016-10/msg00005.html

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Repo-criteria-discuss] Savannah and HTTPS, (continued)
- Re: [Repo-criteria-discuss] Savannah and HTTPS, Mike Gerwitz, 2016/10/07
  - Re: [Repo-criteria-discuss] Savannah and HTTPS, Richard Stallman, 2016/10/08
    - Re: [Repo-criteria-discuss] Savannah and HTTPS, Hanno Böck, 2016/10/09
    - Re: [Repo-criteria-discuss] Savannah and HTTPS, Juuso Lapinlampi, 2016/10/09
    - Re: [Repo-criteria-discuss] Savannah and HTTPS, Mike Gerwitz, 2016/10/09
    - Re: [Repo-criteria-discuss] Savannah and HTTPS, Richard Stallman, 2016/10/10
    - Re: [Repo-criteria-discuss] Savannah and HTTPS, Mike Gerwitz, 2016/10/10
    - Re: [Repo-criteria-discuss] Savannah and HTTPS, Richard Stallman, 2016/10/10
    - Re: [Repo-criteria-discuss] Savannah and HTTPS, Hanno Böck, 2016/10/10
    - Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS, Michal Grochmal, 2016/10/10
    - Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS, Juuso Lapinlampi <=
    - Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS, Richard Stallman, 2016/10/10
    - [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/10
    - Re: [Repo-criteria-discuss] HSTS screw?, Mike Gerwitz, 2016/10/10
    - Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/11
    - Re: [Repo-criteria-discuss] HSTS screw?, Hanno Böck, 2016/10/11
    - Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/11
    - Re: [Repo-criteria-discuss] HSTS screw?, Hanno Böck, 2016/10/12
    - Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/12
    - Re: [Repo-criteria-discuss] HSTS screw?, Mike Gerwitz, 2016/10/12
    - Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/13

Prev by Date: Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS
Next by Date: Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS
Previous by thread: Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS
Next by thread: Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS
Index(es):
- Date
- Thread