[arch-dev-public] [RFC] Add archlinux.org domain to HSTS Preload list
Pierre Schmitz
pierre at archlinux.de
Thu Jan 5 16:26:44 UTC 2017
On 04.01.2017 20:43, Giancarlo Razzolini wrote:
> Hi All,
>
> With some improvements we have been doing to the infrastructure,
> we've
> reached a point were practically everything on archlinux.org is
> hosted
> using TLS/SSL.
>
> I have run a sslyze test on every of our DNS entries and the ones
> that
> did not answered are supposed to. In case you guys are interested,
> I'm
> putting links to the tests I performed in json format in the end of
> the
> email.[0][1]
>
> My question is, should we add archlinux.org to the HSTS preload
> list?[2]
> Or, better yet, should we ever host something *not* using TLS/SSL?
> Cheers,
> Giancarlo Razzolini
>
> [0] Full test, quite big: https://paste.xinu.at/UOII
> [1] Failed hosts: https://paste.xinu.at/5srl/
> [2] https://hstspreload.org/
In general a great idea. Our Torrent tracker does not support https as
it seems: http://tracker.archlinux.org:6969/stat I haven't looked into
it yet though. Port 443 redirects to bbs which is strange...
Greetings,
Pierre
--
Pierre Schmitz, https://pierre-schmitz.com
More information about the arch-dev-public
mailing list