@RichFelker will you redirect HTTP traffic to HTTPS then?
-
-
-
@necrophcodr Not sure. It's problematic for some minimalist users. Maybe UA-based, and exclude command line tools? -
@necrophcodr IMO redirecting to https is near-worthless without HSTS, and HSTS won't be honored by stateless tools anyway. -
@RichFelker@necrophcodr Stateless tools could import the Chromium HSTS preload list just like other browser vendors. It's not that big. -
@CopperheadSec@necrophcodr But that's not stateless, and makes an awful bug to track down (e.g. works for ppl without Chromium installed). -
@RichFelker@necrophcodr I mean the static preload list they ship with the browser based on preload in header: https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json …. -
@CopperheadSec@necrophcodr Ah okay. I thought you meant import from ~/.chromium or whatever.
End of conversation
New conversation -
-
-
@RichFelker sweet! this was one of the things that had me a little worried (repos served over unauthed plaintext, mainly) -
@FrozenFire Repos are git:// protocol only, but you can check the hashes against cgit over https if you want.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.