4 Jan
2017
4 Jan
'17
7:43 p.m.
Hi All, With some improvements we have been doing to the infrastructure, we've reached a point were practically everything on archlinux.org is hosted using TLS/SSL. I have run a sslyze test on every of our DNS entries and the ones that did not answered are supposed to. In case you guys are interested, I'm putting links to the tests I performed in json format in the end of the email.[0][1] My question is, should we add archlinux.org to the HSTS preload list?[2] Or, better yet, should we ever host something *not* using TLS/SSL? Cheers, Giancarlo Razzolini [0] Full test, quite big: https://paste.xinu.at/UOII [1] Failed hosts: https://paste.xinu.at/5srl/ [2] https://hstspreload.org/