[llvm-bugs] [Bug 40955] New: lists.llvm.org accepts passwords and is not requiring an SSL connection.
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Mar 4 09:50:46 PST 2019
https://bugs.llvm.org/show_bug.cgi?id=40955
Bug ID: 40955
Summary: lists.llvm.org accepts passwords and is not requiring
an SSL connection.
Product: Website
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: General Website
Assignee: unassignedbugs at nondot.org
Reporter: mike at sqlby.me
CC: llvm-bugs at lists.llvm.org, mike at sqlby.me
Inital report from Jonny Grant:
This page accepts passwords without being on a secure connection. Can llvm buy
the SSL certificate and simply redirect from http?
http://lists.llvm.org/cgi-bin/mailman/options/cfe-dev
Interestingly. There does seem to be an SSL certificate on the server:
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
the problem is that:
1. The http server doesn't refresh to https
2. the main clang page links to http
https://clang.llvm.org/get_involved.html
3. the mailmain https page even links back to plain http archive!
http://lists.llvm.org/pipermail/cfe-dev/
4. Even entering https://lists.llvm.org/ HTTPS redirects back to
http://lists.llvm.org/mailman/listinfo !
Fix is pretty easy, take mailman off http server http://lists.llvm.org/
and put a 302 redirect back to https://lists.llvm.org/
Cheers, Jonny
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20190304/fc8b1509/attachment-0001.html>
More information about the llvm-bugs
mailing list