Roundup Tracker - Issues

Issue 2550940

classification
Title: issues.roundup-tracker.org does not support HTTPS
Type: security Severity: major
Components: Web interface Versions:
process
Status: new Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: paulschreiber
Priority: Keywords:

Created on 2017-04-29 17:19 by paulschreiber, last changed 2017-05-09 16:12 by paulschreiber.

Messages
msg5969 Author: [hidden] (paulschreiber) Date: 2017-04-29 17:19
issues.roundup-tracker.org does not support HTTPS.

All sites — especially sites providing logins — should support HTTPS and enforce it 
with HSTS>
msg5973 Author: [hidden] (ber) Date: 2017-05-09 14:18
I agree that it would be nice to have a HTTPS support for 
issues.roundup-tracker.org
and http://www.roundup-tracker.org/
wiki.roundup-tracker.org

So thanks for reminding us.
With https://en.wikipedia.org/wiki/Let%27s_Encrypt it should be fairly
easy to get https started.

As for HSTS I have a tendency to consider it less useful, the reason is
that it may make access harder to the information on the side and a lot
of info is valuable without TLS as well.
msg5974 Author: [hidden] (paulschreiber) Date: 2017-05-09 16:12
What do you mean by "may make access harder to the information on the side"?

All web browsers support HTTPS.
History
Date User Action Args
2017-05-09 16:12:17paulschreibersetnosy: - ber
messages: + msg5974
2017-05-09 14:18:09bersetnosy: + ber
messages: + msg5973
2017-04-29 17:19:51paulschreibercreate