Closed Bug 1077394 Opened 11 years ago Closed 8 years ago

Put all code hosting sites behind TLS and HSTS

Tracking

(Not tracked)

Status:

RESOLVED WORKSFORME

People

(Reporter: annevk, Unassigned)

Details

Anne (:annevk)

Reporter

Description

•

11 years ago

We should not distribute code in the clear. That seems irresponsible at this point. http://gitmirror.mozilla.org/ http://git.mozilla.org/ http://mxr.mozilla.org/ http://lxr.mozilla.org/ should all redirect to their HTTPS equivalent which should have a HSTS header.

Gregory Szorc [:gps]

Comment 1

•

11 years ago

Agreed. We'll need to audit the plain old HTTP accesses for automated agents that may not follow redirects properly.

Ed Morley [:emorley]

Comment 2

•

11 years ago

To add to the list in comment 0: http://hg.mozilla.org/

Kendall Libby [:fubar] (he/him)

Updated

•

11 years ago

Component: WebOps: Source Control → General

Product: Infrastructure & Operations → Developer Services

Ed Morley [:emorley]

Comment 3

•

8 years ago

All of the repos in comment 0 are now decommissioned. And hg.m.o from comment 2 now redirects and uses HSTS: $ curl -IL http://hg.mozilla.org/ HTTP/1.1 301 Moved Permanently ... HTTP/1.1 200 Script output follows Strict-Transport-Security: max-age=31536000 ...

Status: NEW → RESOLVED

Closed: 8 years ago

Resolution: --- → WORKSFORME

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Put all code hosting sites behind TLS and HSTS

Categories

(Developer Services :: General, task)

Tracking

(Not tracked)

People

(Reporter: annevk, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Updated

Comment 3