On a side note, https://observatory.mozilla.org/analyze.html?host=www.gimp.org … was the result of hard work by the team.
There were some comments criticizing me for making such a buzz about FLIMP. But one day later we have default HTTPS downloads for GIMP and people start working on merging patches & fixing stuff. It worked.
-
-
-
... with the CSP part being the hardest of all - and that was with a pretty lean site to begin with. I'd imagine that to be a real horror if the HTML, CSS and JS comes out of a CMS whose devs never heard about the concept of a CSP...
End of conversation
New conversation -
-
-
But please make it a habit to start to write to the mailing lists of projects if you think bug reports do not receive the attention they deserve. This could have made things a lot smoother in this case.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
"one day later we have default HTTPS downloads" - Just a minor nitpick, we've had HTTPS downloads for a long time now, you mean HTTPS connections to MIRRORS.
@schumaml worked hard to make it that way a couple of years back now... -
@letsencrypt only went public last year, so it isn't "years" (sure feels that way, though). On that note, how important are the additional checks made by https://observatory.mozilla.org/analyze.html?host=download.gimp.org … - aren't framing and xss protection equally important as HTTPS itself?
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.