This is the mail archive of the
overseers@sourceware.org
mailing list for the Sourceware project.
Re: Chrome will show security warnings on http://sourceware.org
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Andrew Pinski <pinskia at gcc dot gnu dot org>
- Cc: Ian Lance Taylor <ianlancetaylor at gmail dot com>, "overseers at sourceware dot org" <overseers at sourceware dot org>
- Date: Fri, 18 Aug 2017 11:42:15 +0000
- Subject: Re: Chrome will show security warnings on http://sourceware.org
- Authentication-results: sourceware.org; auth=none
- References: <1e7fc2e614eb8a07.1503009694563.100215554.10038795.en.d8aac2711e523439@google.com> <CAOganjULF6U79R7jJkoYAhvXHWihFV7c1ZemaFKnzTxZxpLy8w@mail.gmail.com> <CA+=Sn1mb_xkAOJms3509s3Hb5NeXK=KqYC_hoK2RmxEBUHN7zA@mail.gmail.com>
On Thu, 17 Aug 2017, Andrew Pinski wrote:
> On Thu, Aug 17, 2017 at 4:59 PM, Ian Lance Taylor
> <ianlancetaylor@gmail.com> wrote:
> > Google is encouraging us to automatically switch to https, and is
> > threatening to issue security warnings if we don't.
>
> http://sourceware.org/gdb/wiki/GDB_8.0_Release
> Automatically goes to:
> https://sourceware.org/gdb/wiki/GDB_8.0_Release
>
> And has for a while now as far as I Know.
Only because you've visited the https pages and so have HSTS state in your
browser. There's no HTTP redirect (permanent) from http and https. Both
are useful: the redirect to catch cases without HSTS state, the HSTS to
avoid some connections following old links ever touching plain http at
all.
--
Joseph S. Myers
joseph@codesourcery.com