GNU bug report logs - #56512
URLs in coreutils manuals documentation should use HTTPS

Previous Next

Package: coreutils;

Reported by: Ronak B <ronakworks <at> gmail.com>

Date: Tue, 12 Jul 2022 05:20:02 UTC

Owned by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ronak B <ronakworks <at> gmail.com>
Subject: bug#56512: closed (Re: bug#56512: URLs in coreutils manuals
 documentation should use HTTPS)
Date: Sun, 18 Sep 2022 18:44:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#56512: URLs in coreutils manuals documentation should use HTTPS

which was filed against the coreutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 56512 <at> debbugs.gnu.org.

-- 
56512: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=56512
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Stefan Kangas <stefankangas <at> gmail.com>,
 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Ronak B <ronakworks <at> gmail.com>, 56512-done <at> debbugs.gnu.org,
 Julien Lepiller <julien <at> lepiller.eu>, Akib Azmain Turja <akib <at> disroot.org>
Subject: Re: bug#56512: URLs in coreutils manuals documentation should use
 HTTPS
Date: Sun, 18 Sep 2022 11:43:42 -0700

Thanks, I installed that.


[Message part 3 (message/rfc822, inline)]
From: Ronak B <ronakworks <at> gmail.com>
To: bug-guix <at> gnu.org
Subject: gnu.org does not redirect http to https
Date: Mon, 11 Jul 2022 19:45:38 -0500

[Message part 4 (text/plain, inline)]
Hi, I noticed today when I typed "man cat" and clicked on the "http://"
link in the man page that it did not redirect my browser from http to https.

$ curl -I http://www.gnu.org/software/coreutils/
HTTP/1.1 200 OK
Date: Tue, 12 Jul 2022 00:42:26 GMT
Server: Apache/2.4.29
Content-Location: coreutils.html
Vary: negotiate,Accept-Encoding
TCN: choice
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: (null)
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Tue, 12 Jul 2022 00:42:26 GMT
Content-Type: text/html
Content-Language: en

I also noticed this previous recent issue where this was resolved using an
nginx redirect from port 80 to 443 for *.guix.info

https://issues.guix.gnu.org/37348

Could we do this for all *.gnu.org too ?

After the domain and all of its subdomains are on HTTPS, then gnu.org can
also be added to the HSTS preload list.

https://hstspreload.org/

Best,
Ronak

[Message part 5 (text/html, inline)]
This bug report was last modified 2 years and 305 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.