GNU bug report logs -
#56512
URLs in coreutils manuals documentation should use HTTPS
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 56512 in the body.
You can then email your comments to 56512 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org
:
bug#56512
; Package
guix
.
(Tue, 12 Jul 2022 05:20:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Ronak B <ronakworks <at> gmail.com>
:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org
.
(Tue, 12 Jul 2022 05:20:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi, I noticed today when I typed "man cat" and clicked on the "http://"
link in the man page that it did not redirect my browser from http to https.
$ curl -I http://www.gnu.org/software/coreutils/
HTTP/1.1 200 OK
Date: Tue, 12 Jul 2022 00:42:26 GMT
Server: Apache/2.4.29
Content-Location: coreutils.html
Vary: negotiate,Accept-Encoding
TCN: choice
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: (null)
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Tue, 12 Jul 2022 00:42:26 GMT
Content-Type: text/html
Content-Language: en
I also noticed this previous recent issue where this was resolved using an
nginx redirect from port 80 to 443 for *.guix.info
https://issues.guix.gnu.org/37348
Could we do this for all *.gnu.org too ?
After the domain and all of its subdomains are on HTTPS, then gnu.org can
also be added to the HSTS preload list.
https://hstspreload.org/
Best,
Ronak
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#56512
; Package
guix
.
(Tue, 12 Jul 2022 10:20:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 56512 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Ronak,
Guix does not control the infrastructure behind the GNU project. You need to contact the GNU sysadmins, though I don't know how :)
Le 12 juillet 2022 02:45:38 GMT+02:00, Ronak B <ronakworks <at> gmail.com> a écrit :
>Hi, I noticed today when I typed "man cat" and clicked on the "http://"
>link in the man page that it did not redirect my browser from http to https.
>
>$ curl -I http://www.gnu.org/software/coreutils/
>HTTP/1.1 200 OK
>Date: Tue, 12 Jul 2022 00:42:26 GMT
>Server: Apache/2.4.29
>Content-Location: coreutils.html
>Vary: negotiate,Accept-Encoding
>TCN: choice
>Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
>X-Frame-Options: sameorigin
>X-Content-Type-Options: nosniff
>Access-Control-Allow-Origin: (null)
>Accept-Ranges: bytes
>Cache-Control: max-age=0
>Expires: Tue, 12 Jul 2022 00:42:26 GMT
>Content-Type: text/html
>Content-Language: en
>
>I also noticed this previous recent issue where this was resolved using an
>nginx redirect from port 80 to 443 for *.guix.info
>
>https://issues.guix.gnu.org/37348
>
>Could we do this for all *.gnu.org too ?
>
>After the domain and all of its subdomains are on HTTPS, then gnu.org can
>also be added to the HSTS preload list.
>
>https://hstspreload.org/
>
>Best,
>Ronak
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#56512
; Package
guix
.
(Tue, 12 Jul 2022 11:06:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 56512 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Julien Lepiller <julien <at> lepiller.eu> writes:
> Guix does not control the infrastructure behind the GNU project. You need to contact the GNU sysadmins, though I don't know how :)
Check out <https://www.gnu.org/contact/>, it contains some information
that might be interesting to you.
Quoting from that page:
> Security reports
> for gnu.org or one of its subdomains
>
> * If you have GnuPG setup, send encrypted email the FSF Executive
> Director, Deputy Director, Web Developer, and Senior Sysadmins
> listed on our Staff and Board page.
> * If you don't have GnuPG setup, write to <sysadmin <at> gnu.org>.
And obviously, there is Richard Stallman <rms <at> gnu.org>.
--
Akib Azmain Turja
This message is signed by me with my GnuPG key. It's fingerprint is:
7001 8CE5 819F 17A3 BBA6 66AF E74F 0EFA 922A E7F5
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#56512
; Package
guix
.
(Tue, 12 Jul 2022 12:15:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 56512 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Thank you for the quick replies. Ok I will email the GNU project with
regard to the lack of a redirect.
I think we should change the man doc at least in all coreutils to use https
in the links instead of http.
Can we repurpose this ticket for that work or should we create a separate
ticket to update the man docs?
On Tue, Jul 12, 2022, 6:05 AM Akib Azmain Turja <akib <at> disroot.org> wrote:
> Julien Lepiller <julien <at> lepiller.eu> writes:
>
> > Guix does not control the infrastructure behind the GNU project. You
> need to contact the GNU sysadmins, though I don't know how :)
>
> Check out <https://www.gnu.org/contact/>, it contains some information
> that might be interesting to you.
>
> Quoting from that page:
>
> > Security reports
> > for gnu.org or one of its subdomains
> >
> > * If you have GnuPG setup, send encrypted email the FSF Executive
> > Director, Deputy Director, Web Developer, and Senior Sysadmins
> > listed on our Staff and Board page.
> > * If you don't have GnuPG setup, write to <sysadmin <at> gnu.org>.
>
> And obviously, there is Richard Stallman <rms <at> gnu.org>.
>
> --
> Akib Azmain Turja
>
> This message is signed by me with my GnuPG key. It's fingerprint is:
>
> 7001 8CE5 819F 17A3 BBA6 66AF E74F 0EFA 922A E7F5
>
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#56512
; Package
guix
.
(Tue, 12 Jul 2022 20:20:02 GMT)
Full text and
rfc822 format available.
Message #17 received at submit <at> debbugs.gnu.org (full text, mbox):
Ronak B <ronakworks <at> gmail.com> writes:
> Thank you for the quick replies. Ok I will email the GNU project with regard to the lack of a redirect.
>
> I think we should change the man doc at least in all coreutils to use https in the links instead of http.
>
> Can we repurpose this ticket for that work or should we create a separate ticket to update the man docs?
>
> On Tue, Jul 12, 2022, 6:05 AM Akib Azmain Turja <akib <at> disroot.org> wrote:
>
> Julien Lepiller <julien <at> lepiller.eu> writes:
>
> > Guix does not control the infrastructure behind the GNU project. You need to contact the GNU sysadmins, though I don't know how :)
>
> Check out <https://www.gnu.org/contact/>, it contains some information
> that might be interesting to you.
>
> Quoting from that page:
>
> > Security reports
> > for gnu.org or one of its subdomains
> >
> > * If you have GnuPG setup, send encrypted email the FSF Executive
> > Director, Deputy Director, Web Developer, and Senior Sysadmins
> > listed on our Staff and Board page.
> > * If you don't have GnuPG setup, write to <sysadmin <at> gnu.org>.
>
> And obviously, there is Richard Stallman <rms <at> gnu.org>.
>
> --
> Akib Azmain Turja
>
> This message is signed by me with my GnuPG key. It's fingerprint is:
>
> 7001 8CE5 819F 17A3 BBA6 66AF E74F 0EFA 922A E7F5
Remember that Guix now also has Tor mirrors which don't benefit from or
are hindered by HTTPS.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#56512
; Package
guix
.
(Tue, 12 Jul 2022 20:20:03 GMT)
Full text and
rfc822 format available.
Owner recorded as Maxim Cournoyer <maxim.cournoyer <at> gmail.com>.
Request was from
Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
to
control <at> debbugs.gnu.org
.
(Thu, 14 Jul 2022 01:51:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#56512
; Package
guix
.
(Thu, 14 Jul 2022 01:58:02 GMT)
Full text and
rfc822 format available.
Message #25 received at 56512 <at> debbugs.gnu.org (full text, mbox):
retitle 56512 URLs in coreutils manuals documentation should use HTTPS
reassign 56512 coreutils
thanks
Hi Ronak,
Ronak B <ronakworks <at> gmail.com> writes:
> Thank you for the quick replies. Ok I will email the GNU project with
> regard to the lack of a redirect.
> I think we should change the man doc at least in all coreutils to use https in the links instead of http.
>
> Can we repurpose this ticket for that work or should we create a separate ticket to update the man docs?
OK. I'm re-titling the issue accordingly and reassign it to the
coreutils package, since this is where the change should be made if
accepted.
To coreutils maintainers: the suggested change would be to adjust URLs
everywhere in the documentation of coreutils to use HTTPS rather than
HTTP.
Thanks,
Maxim
Changed bug title to 'URLs in coreutils manuals documentation should use HTTPS' from 'gnu.org does not redirect http to https'
Request was from
Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
to
control <at> debbugs.gnu.org
.
(Thu, 14 Jul 2022 01:58:02 GMT)
Full text and
rfc822 format available.
bug reassigned from package 'guix' to 'coreutils'.
Request was from
Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
to
control <at> debbugs.gnu.org
.
(Thu, 14 Jul 2022 01:58:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-coreutils <at> gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
:
bug#56512
; Package
coreutils
.
(Sun, 18 Sep 2022 14:31:01 GMT)
Full text and
rfc822 format available.
Message #32 received at 56512 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
tags 56512 + patch
thanks
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> To coreutils maintainers: the suggested change would be to adjust URLs
> everywhere in the documentation of coreutils to use HTTPS rather than
> HTTP.
Most of these were already fixed in commit be87d6129 and subsequently.
The attached patch fixes all remaining HTTP links in the tree where the
links still worked when using HTTPS, in my testing.
[0001-all-prefer-HTTPS-to-HTTP.patch (text/x-diff, attachment)]
Reply sent
to
Paul Eggert <eggert <at> cs.ucla.edu>
:
You have taken responsibility.
(Sun, 18 Sep 2022 18:44:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Ronak B <ronakworks <at> gmail.com>
:
bug acknowledged by developer.
(Sun, 18 Sep 2022 18:44:02 GMT)
Full text and
rfc822 format available.
Message #37 received at 56512-done <at> debbugs.gnu.org (full text, mbox):
Thanks, I installed that.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Mon, 17 Oct 2022 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 192 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.