Page MenuHome GnuPG

insecure links on gnupg webpage (gnupg.org) that could be https
Open, WishlistPublic

Description

There are various links on the gnupg webpage to http destinations that could be
https.

  • https[://]www.gnupg.org/download/git.html *

http[://]lists.gnupg.org/mailman/listinfo/gnupg-commits/ - forwards to https
anyway
http[://]twitter.com/gnuprivacyguard - twitter is https by default since a long
time
http[://]git.gnupg.org/ - twice - is still available over http, but also over
https
http[://]creativecommons.org/licenses/by-sa/3.0/ - is available over https, so
better use that

  • https[://]www.gnupg.org/index.html *

https[://]www.ietf.org/rfc/rfc4880.txt - all ietf pages are available over
https
http[://]www.linuxfoundation.org/programs/core-infrastructure-initiative -
forwards to https anyway

  • https[://]www.gnupg.org/donate/index.html *

http[://]directory.fsf.org/project/libgcrypt/ - available over https

I didn't go through all pages, there is probably more. (The links are
"obfuscated", because otherwise the bug tracker won't let me submit the bug)

Event Timeline

Yeah we recently had a lot of spam, thus the http trick.

Thanks for the list; I'll look at them.

All done except for some news entries which are actually about http. Two
changes for cvs.gnupg.org will go online with the next page rebuild.

werner claimed this task.

It seems you missed the creative commons links (on all pages).

Also some more:

  • Download page contains links to gpg4win, gpgotools (mac) and rpmfind which

are all available over https.

  • documentation page contains another http twitter link.

(Hint: The moartls browser addon for chrome and firefox is extremely useful to
do this)

hanno added a project: In Progress.

Also a lot of redirects, for example this bounces you from https to http.

$ curl https://www.gnupg.org/gpa.html

<HTML><HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<BODY>
<H1>302 Moved</H1>The document has moved
<A HREF="http://www.gnupg.org/related_software/gpa/">here</A>.
</BODY></HTML>

See here for a list of redirects.