GNU bug report logs - #56512
URLs in coreutils manuals documentation should use HTTPS

Previous Next

Package: coreutils;

Reported by: Ronak B <ronakworks <at> gmail.com>

Date: Tue, 12 Jul 2022 05:20:02 UTC

Owned by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 56512 in the body.
You can then email your comments to 56512 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#56512; Package guix. (Tue, 12 Jul 2022 05:20:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Ronak B <ronakworks <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 12 Jul 2022 05:20:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ronak B <ronakworks <at> gmail.com>
To: bug-guix <at> gnu.org
Subject: gnu.org does not redirect http to https
Date: Mon, 11 Jul 2022 19:45:38 -0500

[Message part 1 (text/plain, inline)]
Hi, I noticed today when I typed "man cat" and clicked on the "http://"
link in the man page that it did not redirect my browser from http to https.

$ curl -I http://www.gnu.org/software/coreutils/
HTTP/1.1 200 OK
Date: Tue, 12 Jul 2022 00:42:26 GMT
Server: Apache/2.4.29
Content-Location: coreutils.html
Vary: negotiate,Accept-Encoding
TCN: choice
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: (null)
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Tue, 12 Jul 2022 00:42:26 GMT
Content-Type: text/html
Content-Language: en

I also noticed this previous recent issue where this was resolved using an
nginx redirect from port 80 to 443 for *.guix.info

https://issues.guix.gnu.org/37348

Could we do this for all *.gnu.org too ?

After the domain and all of its subdomains are on HTTPS, then gnu.org can
also be added to the HSTS preload list.

https://hstspreload.org/

Best,
Ronak

[Message part 2 (text/html, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#56512; Package guix. (Tue, 12 Jul 2022 10:20:02 GMT) Full text and rfc822 format available.

Message #8 received at 56512 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: Ronak B <ronakworks <at> gmail.com>, 56512 <at> debbugs.gnu.org
Subject: Re: bug#56512: gnu.org does not redirect http to https
Date: Tue, 12 Jul 2022 12:19:50 +0200

[Message part 1 (text/plain, inline)]
Hi Ronak,

Guix does not control the infrastructure behind the GNU project. You need to contact the GNU sysadmins, though I don't know how :)

Le 12 juillet 2022 02:45:38 GMT+02:00, Ronak B <ronakworks <at> gmail.com> a écrit :
>Hi, I noticed today when I typed "man cat" and clicked on the "http://"
>link in the man page that it did not redirect my browser from http to https.
>
>$ curl -I http://www.gnu.org/software/coreutils/
>HTTP/1.1 200 OK
>Date: Tue, 12 Jul 2022 00:42:26 GMT
>Server: Apache/2.4.29
>Content-Location: coreutils.html
>Vary: negotiate,Accept-Encoding
>TCN: choice
>Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
>X-Frame-Options: sameorigin
>X-Content-Type-Options: nosniff
>Access-Control-Allow-Origin: (null)
>Accept-Ranges: bytes
>Cache-Control: max-age=0
>Expires: Tue, 12 Jul 2022 00:42:26 GMT
>Content-Type: text/html
>Content-Language: en
>
>I also noticed this previous recent issue where this was resolved using an
>nginx redirect from port 80 to 443 for *.guix.info
>
>https://issues.guix.gnu.org/37348
>
>Could we do this for all *.gnu.org too ?
>
>After the domain and all of its subdomains are on HTTPS, then gnu.org can
>also be added to the HSTS preload list.
>
>https://hstspreload.org/
>
>Best,
>Ronak

[Message part 2 (text/html, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#56512; Package guix. (Tue, 12 Jul 2022 11:06:01 GMT) Full text and rfc822 format available.

Message #11 received at 56512 <at> debbugs.gnu.org (full text, mbox):

From: Akib Azmain Turja <akib <at> disroot.org>
To: Julien Lepiller <julien <at> lepiller.eu>, Ronak B <ronakworks <at> gmail.com>,
 56512 <at> debbugs.gnu.org
Subject: Re: bug#56512: gnu.org does not redirect http to https
Date: Tue, 12 Jul 2022 17:03:53 +0600

[Message part 1 (text/plain, inline)]
Julien Lepiller <julien <at> lepiller.eu> writes:

> Guix does not control the infrastructure behind the GNU project. You need to contact the GNU sysadmins, though I don't know how :)

Check out <https://www.gnu.org/contact/>, it contains some information
that might be interesting to you.

Quoting from that page:

> Security reports 
> for gnu.org or one of its subdomains
> 
> * If you have GnuPG setup, send encrypted email the FSF Executive
>   Director, Deputy Director, Web Developer, and Senior Sysadmins
>   listed on our Staff and Board page.
> * If you don't have GnuPG setup, write to <sysadmin <at> gnu.org>.

And obviously, there is Richard Stallman <rms <at> gnu.org>.

-- 
Akib Azmain Turja

This message is signed by me with my GnuPG key.  It's fingerprint is:

    7001 8CE5 819F 17A3 BBA6  66AF E74F 0EFA 922A E7F5

[signature.asc (application/pgp-signature, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#56512; Package guix. (Tue, 12 Jul 2022 12:15:02 GMT) Full text and rfc822 format available.

Message #14 received at 56512 <at> debbugs.gnu.org (full text, mbox):

From: Ronak B <ronakworks <at> gmail.com>
To: Akib Azmain Turja <akib <at> disroot.org>
Cc: Julien Lepiller <julien <at> lepiller.eu>, 56512 <at> debbugs.gnu.org
Subject: Re: bug#56512: gnu.org does not redirect http to https
Date: Tue, 12 Jul 2022 07:13:57 -0500

[Message part 1 (text/plain, inline)]
Thank you for the quick replies. Ok I will email the GNU project with
regard to the lack of a redirect.

I think we should change the man doc at least in all coreutils to use https
in the links instead of http.

Can we repurpose this ticket for that work or should we create a separate
ticket to update the man docs?

On Tue, Jul 12, 2022, 6:05 AM Akib Azmain Turja <akib <at> disroot.org> wrote:

> Julien Lepiller <julien <at> lepiller.eu> writes:
>
> > Guix does not control the infrastructure behind the GNU project. You
> need to contact the GNU sysadmins, though I don't know how :)
>
> Check out <https://www.gnu.org/contact/>, it contains some information
> that might be interesting to you.
>
> Quoting from that page:
>
> > Security reports
> > for gnu.org or one of its subdomains
> >
> > * If you have GnuPG setup, send encrypted email the FSF Executive
> >   Director, Deputy Director, Web Developer, and Senior Sysadmins
> >   listed on our Staff and Board page.
> > * If you don't have GnuPG setup, write to <sysadmin <at> gnu.org>.
>
> And obviously, there is Richard Stallman <rms <at> gnu.org>.
>
> --
> Akib Azmain Turja
>
> This message is signed by me with my GnuPG key.  It's fingerprint is:
>
>     7001 8CE5 819F 17A3 BBA6  66AF E74F 0EFA 922A E7F5
>

[Message part 2 (text/html, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#56512; Package guix. (Tue, 12 Jul 2022 20:20:02 GMT) Full text and rfc822 format available.

Message #17 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Csepp <raingloom <at> riseup.net>
To: Ronak B <ronakworks <at> gmail.com>
Cc: bug-guix <at> gnu.org, Julien Lepiller <julien <at> lepiller.eu>,
 56512 <at> debbugs.gnu.org, Akib Azmain Turja <akib <at> disroot.org>
Subject: Re: bug#56512: gnu.org does not redirect http to https
Date: Tue, 12 Jul 2022 22:19:06 +0200

Ronak B <ronakworks <at> gmail.com> writes:

> Thank you for the quick replies. Ok I will email the GNU project with regard to the lack of a redirect.
>
> I think we should change the man doc at least in all coreutils to use https in the links instead of http. 
>
> Can we repurpose this ticket for that work or should we create a separate ticket to update the man docs?
>
> On Tue, Jul 12, 2022, 6:05 AM Akib Azmain Turja <akib <at> disroot.org> wrote:
>
>  Julien Lepiller <julien <at> lepiller.eu> writes:
>
>  > Guix does not control the infrastructure behind the GNU project. You need to contact the GNU sysadmins, though I don't know how :)
>
>  Check out <https://www.gnu.org/contact/>, it contains some information
>  that might be interesting to you.
>
>  Quoting from that page:
>
>  > Security reports 
>  > for gnu.org or one of its subdomains
>  > 
>  > * If you have GnuPG setup, send encrypted email the FSF Executive
>  >   Director, Deputy Director, Web Developer, and Senior Sysadmins
>  >   listed on our Staff and Board page.
>  > * If you don't have GnuPG setup, write to <sysadmin <at> gnu.org>.
>
>  And obviously, there is Richard Stallman <rms <at> gnu.org>.
>
>  -- 
>  Akib Azmain Turja
>
>  This message is signed by me with my GnuPG key.  It's fingerprint is:
>
>      7001 8CE5 819F 17A3 BBA6  66AF E74F 0EFA 922A E7F5

Remember that Guix now also has Tor mirrors which don't benefit from or
are hindered by HTTPS.
Information forwarded to bug-guix <at> gnu.org:
bug#56512; Package guix. (Tue, 12 Jul 2022 20:20:03 GMT) Full text and rfc822 format available.
Owner recorded as Maxim Cournoyer <maxim.cournoyer <at> gmail.com>. Request was from Maxim Cournoyer <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 14 Jul 2022 01:51:02 GMT) Full text and rfc822 format available.
Information forwarded to bug-guix <at> gnu.org:
bug#56512; Package guix. (Thu, 14 Jul 2022 01:58:02 GMT) Full text and rfc822 format available.

Message #25 received at 56512 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Ronak B <ronakworks <at> gmail.com>
Cc: Julien Lepiller <julien <at> lepiller.eu>, GNU Debbugs <control <at> debbugs.gnu.org>,
 56512 <at> debbugs.gnu.org, Akib Azmain Turja <akib <at> disroot.org>
Subject: Re: bug#56512: gnu.org does not redirect http to https
Date: Wed, 13 Jul 2022 21:56:51 -0400

retitle 56512 URLs in coreutils manuals documentation should use HTTPS
reassign 56512 coreutils
thanks

Hi Ronak,

Ronak B <ronakworks <at> gmail.com> writes:

> Thank you for the quick replies. Ok I will email the GNU project with
> regard to the lack of a redirect.

> I think we should change the man doc at least in all coreutils to use https in the links instead of http. 
>
> Can we repurpose this ticket for that work or should we create a separate ticket to update the man docs?

OK.  I'm re-titling the issue accordingly and reassign it to the
coreutils package, since this is where the change should be made if
accepted.

To coreutils maintainers: the suggested change would be to adjust URLs
everywhere in the documentation of coreutils to use HTTPS rather than
HTTP.

Thanks,

Maxim
Changed bug title to 'URLs in coreutils manuals documentation should use HTTPS' from 'gnu.org does not redirect http to https' Request was from Maxim Cournoyer <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 14 Jul 2022 01:58:02 GMT) Full text and rfc822 format available.
bug reassigned from package 'guix' to 'coreutils'. Request was from Maxim Cournoyer <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 14 Jul 2022 01:58:02 GMT) Full text and rfc822 format available.
Information forwarded to bug-coreutils <at> gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
bug#56512; Package coreutils. (Sun, 18 Sep 2022 14:31:01 GMT) Full text and rfc822 format available.

Message #32 received at 56512 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Ronak B <ronakworks <at> gmail.com>, 56512 <at> debbugs.gnu.org,
 Julien Lepiller <julien <at> lepiller.eu>, Akib Azmain Turja <akib <at> disroot.org>
Subject: Re: bug#56512: URLs in coreutils manuals documentation should use
 HTTPS
Date: Sun, 18 Sep 2022 10:30:21 -0400

[Message part 1 (text/plain, inline)]
tags 56512 + patch
thanks

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:

> To coreutils maintainers: the suggested change would be to adjust URLs
> everywhere in the documentation of coreutils to use HTTPS rather than
> HTTP.

Most of these were already fixed in commit be87d6129 and subsequently.

The attached patch fixes all remaining HTTP links in the tree where the
links still worked when using HTTPS, in my testing.

[0001-all-prefer-HTTPS-to-HTTP.patch (text/x-diff, attachment)]
Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>:
You have taken responsibility. (Sun, 18 Sep 2022 18:44:02 GMT) Full text and rfc822 format available.
Notification sent to Ronak B <ronakworks <at> gmail.com>:
bug acknowledged by developer. (Sun, 18 Sep 2022 18:44:02 GMT) Full text and rfc822 format available.

Message #37 received at 56512-done <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Stefan Kangas <stefankangas <at> gmail.com>,
 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Ronak B <ronakworks <at> gmail.com>, 56512-done <at> debbugs.gnu.org,
 Julien Lepiller <julien <at> lepiller.eu>, Akib Azmain Turja <akib <at> disroot.org>
Subject: Re: bug#56512: URLs in coreutils manuals documentation should use
 HTTPS
Date: Sun, 18 Sep 2022 11:43:42 -0700

Thanks, I installed that.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 17 Oct 2022 11:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 1 year and 192 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.