[arch-dev-public] [RFC] Add archlinux.org domain to HSTS Preload list

Giancarlo Razzolini grazzolini at archlinux.org
Wed Jan 4 19:43:31 UTC 2017


Hi All,

   With some improvements we have been doing to the infrastructure, we've
   reached a point were practically everything on archlinux.org is hosted
   using TLS/SSL.

   I have run a sslyze test on every of our DNS entries and the ones that
   did not answered are supposed to. In case you guys are interested, I'm
   putting links to the tests I performed in json format in the end of the
   email.[0][1]

   My question is, should we add archlinux.org to the HSTS preload list?[2]
   Or, better yet, should we ever host something *not* using TLS/SSL?
   
Cheers,
Giancarlo Razzolini

[0] Full test, quite big: https://paste.xinu.at/UOII
[1] Failed hosts: https://paste.xinu.at/5srl/
[2] https://hstspreload.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 870 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20170104/b1b7c833/attachment.asc>


More information about the arch-dev-public mailing list