[llvm-dev] [SERVER UPDATE] Moving clang, clang-analyzer, libcxxabi, libcxx ... websites to new server

Hans Wennborg via llvm-dev llvm-dev at lists.llvm.org
Wed Dec 19 05:09:14 PST 2018 

On Wed, Dec 19, 2018 at 7:25 AM Mike Edwards via llvm-dev
<llvm-dev at lists.llvm.org> wrote:
>
> Hi,
> I know this thread is quite old, however, I am about to start working on: https://bugs.llvm.org/show_bug.cgi?id=39309 and I couldn't quite tell if there was any real consensus reached in this thread?  Are folks okay with me changing the Apache configs to force a redirect to HTTPS for all of the llvm.org landing pages?  Honestly, just from an administration standpoint it would be much easier if I could make everything work the same way.  I understand it will incur some overhead processing costs for some people and I'm sorry for any inconvenience.  I feel, in this case, the simplicity of maintaining a single configuration outweighs the the burden of connecting over HTTPS.  Thoughts?

+1

Not sure what you mean by landing pages, but I think all http
requests, to any resource under llvm.org or its subdomains, should
redirect to https.

Thanks,
Hans

> On Sun, Jan 15, 2017 at 2:31 PM Joerg Sonnenberger via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>>
>> On Sun, Jan 15, 2017 at 04:25:16PM -0500, James Knight wrote:
>> > On Jan 15, 2017, at 9:19 AM, Joerg Sonnenberger via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>> > > On Fri, Jan 13, 2017 at 04:07:48PM -0500, James Y Knight via llvm-dev wrote:
>> > >> But beyond that: there's no downside. Why should *anyone* continue to serve
>> > >> http traffic? It's just all around better and safer to require https, for
>> > >> everything, always.
>> > >
>> > > I take you haven't tried to use WiFi at UK airports or coaches recently?
>> > > There are a lot of other places with completely broken "transparent"
>> > > proxies and forcing HTTPS (especially in combination with HTST) makes
>> > > the network unusable.
>> >
>> >
>> > No, I haven't had the pleasure recently, so I'm not aware of what you're talking about.
>>
>> You said there is no downside. I've demonstrated a situation people can
>> face right now where it can make a website unusable. Don't handwave away
>> the cost of forcing HTTPS, it adds overhead for all involved parties.
>> Don't get me wrong, I'm all for properly supporting HTTPS everywhere,
>> but it is not without downsides.
>>
>> Joerg
>> _______________________________________________
>> LLVM Developers mailing list
>> llvm-dev at lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev

More information about the llvm-dev mailing list