Closed
Bug 1077394
Opened 10 years ago
Closed 7 years ago
Put all code hosting sites behind TLS and HSTS
Categories
(Developer Services :: General, task)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: annevk, Unassigned)
Details
We should not distribute code in the clear. That seems irresponsible at this point.

http://gitmirror.mozilla.org/
http://git.mozilla.org/
http://mxr.mozilla.org/
http://lxr.mozilla.org/

should all redirect to their HTTPS equivalent which should have an HSTS header.
Comment 1•10 years ago
Agreed. We'll need to audit the plain old HTTP accesses for automated agents that may not follow redirects properly.
Comment 2•10 years ago
To add to the list in comment 0: http://hg.mozilla.org/
Updated•10 years ago
Component: WebOps: Source Control → General
Product: Infrastructure & Operations → Developer Services
Comment 3•7 years ago
All of the repos in comment 0 are now decommissioned. And hg.m.o from comment 2 now redirects and uses HSTS:

$ curl -IL http://hg.mozilla.org/
HTTP/1.1 301 Moved Permanently
...
HTTP/1.1 200 Script output follows
Strict-Transport-Security: max-age=31536000
...
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
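The check from comment 3, as an added example that is not part of the original bug or Mozilla's tooling: a Python parser for `curl -IL` style output that confirms a plain-HTTP URL only redirects and that the final HTTPS response carries a usable HSTS max-age. The host `code.example.org`, the function names and the `min_age` threshold are assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample shaped like `curl -IL` output (host and Location are made up).
SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Location: https://code.example.org/

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
"""

def parse_hops(dump):
    """Split a header dump into one (status, headers) pair per response."""
    hops = []
    for block in re.split(r"\r?\n\r?\n", dump.strip()):
        lines = block.splitlines()
        headers = {n.strip().lower(): v.strip()
                   for n, sep, v in (l.partition(":") for l in lines[1:]) if sep}
        hops.append((int(lines[0].split()[1]), headers))
    return hops

def hsts_max_age(value):
    """Return max-age in seconds from an HSTS header value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and re.fullmatch(r"[0-9]+", arg):
            return int(arg)
    return None

def audit(start_url, dump, min_age=31536000):
    """Return findings; an empty list means the redirect and HSTS check out."""
    findings, url = [], start_url
    for status, headers in parse_hops(dump):
        redirect = 300 <= status < 400 and "location" in headers
        if urlsplit(url).scheme != "https":
            if not redirect:
                findings.append(f"{url}: content served over plain HTTP")
        elif not redirect:
            age = hsts_max_age(headers.get("strict-transport-security", ""))
            if age is None:
                findings.append(f"{url}: no usable Strict-Transport-Security")
            elif age < min_age:
                findings.append(f"{url}: HSTS max-age {age} < {min_age}")
        if redirect:
            url = urljoin(url, headers["location"])
    return findings
```

An HSTS header on a plain-HTTP response is deliberately not counted, because browsers ignore it over insecure transport (RFC 6797).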