GNU bug report logs - #47823
Hardenize Guix website TLS/DNS


Package: guix;

Reported by: bo0od <bo0od <at> riseup.net>

Date: Fri, 16 Apr 2021 11:01:01 UTC

Severity: normal


From: "Dr. Arne Babenhauserheide" <arne_bab <at> web.de>
To: Leo Famulari <leo <at> famulari.name>
Cc: bo0od <at> riseup.net, 47823 <at> debbugs.gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Date: Fri, 16 Apr 2021 23:36:15 +0200
Leo Famulari <leo <at> famulari.name> writes:

>> - Force redirection of insecure connection with plain text to TLS
>> - HSTS/HSTS-preload support missing (important)
>
> Yes, we should enable these.

Be careful with HSTS, it can make the site inaccessible if you lose
access to a certificate and have to replace it. And yes, that can happen
easily, and you then won’t have a way to inform visitors why they cannot
access the site. If you enable it, make absolutely sure that the max-age
is short enough.

Best wishes,
Arne
-- 
Being unpolitical
means being political
without noticing it
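
A check for the max-age concern raised in the message above, added here as an example and not part of the original thread or of Guix's own tooling: it parses a Strict-Transport-Security value following RFC 6797 and flags a policy that outlives a chosen recovery window. The function names, the sample headers and the one-week window are assumptions.

```python
import re


# RFC 6797 section 6.1: directives are separated by ";", names are
# case-insensitive, max-age is required and its value may be quoted.
def parse_hsts(header_value):
    """Return (max_age_seconds, include_subdomains, preload) or raise ValueError."""
    seen = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = value.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        raise ValueError("max-age missing or not a non-negative integer")
    return int(seen["max-age"]), "includesubdomains" in seen, "preload" in seen


def review_hsts(header_value, max_lockout_seconds):
    """List findings for a policy. max_lockout_seconds is an operator-chosen
    assumption: the longest time browsers may keep enforcing HTTPS-only."""
    max_age, subdomains, preload = parse_hsts(header_value)
    findings = []
    if max_age == 0:
        findings.append("max-age=0 tells browsers to forget the policy")
    elif max_age > max_lockout_seconds:
        findings.append("max-age %d s exceeds the %d s recovery window"
                        % (max_age, max_lockout_seconds))
    if subdomains:
        findings.append("includeSubDomains extends the policy to every subdomain")
    if preload:
        findings.append("preload requests inclusion in browser-shipped lists, "
                        "which max-age cannot expire")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real site.
    week = 7 * 24 * 3600
    for sample in ("max-age=300", "max-age=63072000; includeSubDomains; preload"):
        print(sample, "->", review_hsts(sample, week) or "no findings")
```
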

This bug report was last modified 2 years and 13 days ago.
