Re: https blogs?

On Wed, Feb 15, 2017, at 01:56 PM, Corey W Sheldon wrote:
> Tomasz Torcz:
> > On Wed, Feb 15, 2017 at 11:32:28AM +0100, Jean-Baptiste Holcroft wrote:
> >> Le 2017-02-14 20:10, Kevin Fenzi a écrit :
> >>> There's no real security advantage here, other than making more traffic
> >>> on the net encrypted, which I think is a good goal.
> >>>
> >>> What do folks think? Doable? Too harsh? Pointless?
> >>
> >> Do you have any statistics of the number of blogs that should migrate? Total
> >> blog number, total blog with partial https (is it easy to detect?), total
> >> blog with full https.
> >  
> >   I've tried to estimate this, using http://fedoraplanet.org/heads.html:
> > 
> >   – there are 716 blogs in total 
> >     * 284 URLs start with https://
> >     * 432 URLs start with http://
> >   
> >   - if I do s/http/https/ and try to access the blogs (of 432 "http://" ones):
> >      - 225 over https returned content with roughly the same size as returned over http
> >      - 209 weren't accessible by https
> >      - 34 weren't accessible by http, either
> > 
> >   I did not check if those 225 "forced https" contain any mixed content.
> > 
> > Summary:
> >   - we have 716 blogs on Planet
> >   - we can access (284+225=)  509 of them over https
> >   - by forcing https we would lose ~ 200 blogs
> > 
> 
> I'd recommend a hybrid deadline, say 6 months from today ($date)
> blog is less favored if by Jan 1 2018 it's still not https it gets
> dropped, this lets people know 1) we are serious 2) not trying to
> kill them with an immediate seemingly arb. deadline.

This is a very reasonable proposal, but could represent a problem for
some in an indirect way.  My personal blog is currently hosted in a
manner that makes using https not possible.[^0]  I don't know if others
are in a similar situation, but it is reasonable to think so.  Enabling
https is one thing, but in my case a full migration will be required. 
Is there a reason we need to require the blogs that are aggregated to be
https and not just encourage it and move the planet to https?

regards,

bex

^0: I use a free hosting platform that cannot do https for custom
domains.  However, everything else, static site generation, git, etc. is
exactly like I like it :)
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx



