Page MenuHome GnuPG
Create Task
Maniphest T2694

insecure links on gnupg webpage (gnupg.org) that could be https
Open, WishlistPublic
Actions

Description

There are various links on the gnupg webpage to http destinations that could be
https.

  • https[://]www.gnupg.org/download/git.html *

http[://]lists.gnupg.org/mailman/listinfo/gnupg-commits/ - forwards to https
anyway
http[://]twitter.com/gnuprivacyguard - twitter is https by default since a long
time
http[://]git.gnupg.org/ - twice - is still available over http, but also over
https
http[://]creativecommons.org/licenses/by-sa/3.0/ - is available over https, so
better use that

  • https[://]www.gnupg.org/index.html *

https[://]www.ietf.org/rfc/rfc4880.txt - all ietf pages are available over
https
http[://]www.linuxfoundation.org/programs/core-infrastructure-initiative -
forwards to https anyway

  • https[://]www.gnupg.org/donate/index.html *

http[://]directory.fsf.org/project/libgcrypt/ - available over https

I didn't go through all pages, there is probably more. (The links are
"obfuscated", because otherwise the bug tracker won't let me submit the bug)

Event Timeline

hanno added a project: Feature Request.Sep 20 2016, 12:05 PM
hanno added a subscriber: hanno.
werner added a subscriber: werner.Sep 21 2016, 9:54 PM

Yeah we recently had a lot of spam, thus the http trick.

Thanks for the list; I'll look at them.

werner added a comment.Sep 22 2016, 9:53 AM

All done except for some news entries which are actually about http. Two
changes for cvs.gnupg.org will go online with the next page rebuild.

werner closed this task as Resolved.Sep 22 2016, 9:53 AM
werner claimed this task.
hanno added a comment.Oct 16 2016, 2:33 PM

It seems you missed the creative commons links (on all pages).

Also some more:

  • Download page contains links to gpg4win, gpgotools (mac) and rpmfind which

are all available over https.

  • documentation page contains another http twitter link.

(Hint: The moartls browser addon for chrome and firefox is extremely useful to
do this)

hanno reopened this task as Open.Oct 16 2016, 2:33 PM
hanno added a project: In Progress.
werner removed werner as the assignee of this task.Apr 3 2017, 11:04 PM
marcus added a subscriber: marcus.Jul 27 2017, 4:56 PM

Also a lot of redirects, for example this bounces you from https to http.

$ curl https://www.gnupg.org/gpa.html

<HTML><HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<BODY>
<H1>302 Moved</H1>The document has moved
<A HREF="http://www.gnupg.org/related_software/gpa/">here</A>.
</BODY></HTML>

See here for a list of redirects.