On Tue, May 17, 2016 at 7:13 AM, Josh Triplett wrote: > https://www.debian.org/ (and other Debian sites) serve a > Strict-Transport-Security header to enable HSTS. Please consider > enabling preloading as well; see https://hstspreload.appspot.com/
Unfortunately we can't do that because they only allow top-level domains to be preloaded and not all debian.org subdomains support https (and some never will, like nossl.people.debian.org). If that requirement were to be relaxed then we could get added to the preload list. -- bye, pabs https://wiki.debian.org/PaulWise
