URL:
<http://savannah.gnu.org/support/?109219>
Summary: When downloading from HTTPS, user should not be
redirected to HTTP mirrors
Project: Savannah Administration
Submitted by: gaming4jc
Submitted on: Sat 14 Jan 2017 03:15:23 AM GMT
Category: Savannah website
Priority: 5 - Normal
Severity: 4 - Important
Status: None
Assigned to: None
Originator Email:
Operating System: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
Hello,
I am attempting to download from HTTPS. However, when I try to reach any
project I am redirected to a number of random mirrors.
Take for example: https://download.savannah.gnu.org/releases/attr
Most of these mirrors are running http. This is not good for security,
especially on public networks.
I see several solutions to this problem.
1) Rewrite rule, if user is coming from HTTPS, send to HTTPS (would break
mirrors without HTTPS support)
2) Enforce an HTTPS policy across mirrors
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?109219>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
