<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - lists.llvm.org accepts passwords and is not requiring an SSL connection."

   href="https://bugs.llvm.org/show_bug.cgi?id=40955">40955</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>lists.llvm.org accepts passwords and is not requiring an SSL connection.

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>Website

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>unspecified

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>General Website

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>mike@sqlby.me

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org, mike@sqlby.me

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Inital report from Jonny Grant:

This page accepts passwords without being on a secure connection. Can llvm buy

the SSL certificate and simply redirect from http?

<a href="http://lists.llvm.org/cgi-bin/mailman/options/cfe-dev">http://lists.llvm.org/cgi-bin/mailman/options/cfe-dev</a>

Interestingly. There does seem to be an SSL certificate on the server:

<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>

the problem is that:

1. The http server doesn't refresh to https

2. the main clang page links to http

<a href="https://clang.llvm.org/get_involved.html">https://clang.llvm.org/get_involved.html</a>

3. the mailmain https page even links back to plain http archive!

<a href="http://lists.llvm.org/pipermail/cfe-dev/">http://lists.llvm.org/pipermail/cfe-dev/</a>

4. Even entering <a href="https://lists.llvm.org/">https://lists.llvm.org/</a>   HTTPS   redirects back to 

<a href="http://lists.llvm.org/mailman/listinfo">http://lists.llvm.org/mailman/listinfo</a>  !

Fix is pretty easy, take mailman off http server <a href="http://lists.llvm.org/">http://lists.llvm.org/</a> 

and put a 302 redirect back to <a href="https://lists.llvm.org/">https://lists.llvm.org/</a>

Cheers, Jonny</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>