Hi All,
With some improvements we have been doing to the infrastructure, we've reached a point were practically everything on archlinux.org is hosted using TLS/SSL.
I have run a sslyze test on every of our DNS entries and the ones that did not answered are supposed to. In case you guys are interested, I'm putting links to the tests I performed in json format in the end of the email.[0][1]
My question is, should we add archlinux.org to the HSTS preload list?[2] Or, better yet, should we ever host something *not* using TLS/SSL?
Cheers, Giancarlo Razzolini
[0] Full test, quite big: https://paste.xinu.at/UOII [1] Failed hosts: https://paste.xinu.at/5srl/ [2] https://hstspreload.org/