<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - lists.llvm.org accepts passwords and is not requiring an SSL connection."
   href="https://bugs.llvm.org/show_bug.cgi?id=40955">40955</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>lists.llvm.org accepts passwords and is not requiring an SSL connection.
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Website
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>General Website
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>mike@sqlby.me
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org, mike@sqlby.me
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Inital report from Jonny Grant:
This page accepts passwords without being on a secure connection. Can llvm buy
the SSL certificate and simply redirect from http?
<a href="http://lists.llvm.org/cgi-bin/mailman/options/cfe-dev">http://lists.llvm.org/cgi-bin/mailman/options/cfe-dev</a>

Interestingly. There does seem to be an SSL certificate on the server:

<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>

the problem is that:

1. The http server doesn't refresh to https
2. the main clang page links to http
<a href="https://clang.llvm.org/get_involved.html">https://clang.llvm.org/get_involved.html</a>
3. the mailmain https page even links back to plain http archive!

<a href="http://lists.llvm.org/pipermail/cfe-dev/">http://lists.llvm.org/pipermail/cfe-dev/</a>

4. Even entering <a href="https://lists.llvm.org/">https://lists.llvm.org/</a>   HTTPS   redirects back to 
<a href="http://lists.llvm.org/mailman/listinfo">http://lists.llvm.org/mailman/listinfo</a>  !

Fix is pretty easy, take mailman off http server <a href="http://lists.llvm.org/">http://lists.llvm.org/</a> 
and put a 302 redirect back to <a href="https://lists.llvm.org/">https://lists.llvm.org/</a>


Cheers, Jonny</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>