With some improvements we have been doing to the infrastructure, we've reached a point were practically everything on archlinux.org is hosted using TLS/SSL.
I have run a sslyze test on every of our DNS entries and the ones that did not answered are supposed to. In case you guys are interested, I'm putting links to the tests I performed in json format in the end of the email.
My question is, should we add archlinux.org to the HSTS preload list? Or, better yet, should we ever host something *not* using TLS/SSL?
Cheers, Giancarlo Razzolini