| 1 |
On Fri, Mar 27, 2015 at 3:33 PM, Hanno Böck <hanno@g.o> wrote: |
| 2 |
> I'd propose the following: |
| 3 |
> * Make all pages under .gentoo.org https by default |
| 4 |
> * Make sure all use modern HTTPS features, including: |
| 5 |
> * OCSP Stapling |
| 6 |
> * HSTS |
| 7 |
> * A secure collection of cipher suites |
| 8 |
> * (one may add HPKP here, but it requires careful planning and has the |
| 9 |
> potential to lock people out of the page if done wrong) |
| 10 |
> (On the long term I think it would also be good to have downloads over |
| 11 |
> https, but I'm aware that this is more difficult as it involves mirror |
| 12 |
> operators that are not under direct control of gentoo infrastructure.) |
| 13 |
|
| 14 |
I'm with you! |
| 15 |
|
| 16 |
Cheers, |
| 17 |
|
| 18 |
Dirkjan |
Archives