Bug#827707: duck: Should not report sites which are available via HTTPS but redirect from HTTPS to HTTP

Axel Beckert Sun, 19 Jun 2016 17:42:44 -0700

Package: duck
Version: 0.9
Severity: wishlist

Dear Maintainer,


duck reported the following for the screen package:

I: debian/patches/52fix_screen_utf8_nfd.patch:10: URL: 
http://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug: INFORMATION 
(Certainty:possible)
   The web page at http://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug 
works, but is also available via 
https://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug, please consider 
switching to HTTPS urls.

But https://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug
redirects back to
http://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug

So if I change this as recommend, I get again a warning:

I: debian/patches/52fix_screen_utf8_nfd.patch:10: URL: 
https://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug: INFORMATION 
(Certainty:possible)
   Secure URL redirects to an insecure URL: https://d.hatena.ne.jp -> 
http://d.hatena.ne.jp

I suggest to avoid the initial warning if HTTPS redirects back to HTTP,
but keep the latter warning.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), 
(500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 
'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages duck depends on:
ii  devscripts                           2.16.5
ii  dpkg-dev                             1.18.7
ii  libconfig-inifiles-perl              2.89-1
ii  libconfig-simple-perl                4.59-6
ii  libdomain-publicsuffix-perl          0.10-1
ii  libfile-which-perl                   1.21-1
ii  libmailtools-perl                    2.13-1
ii  libnet-dns-perl                      1.05-2
ii  libparse-debcontrol-perl             2.005-4
ii  libpath-class-perl                   0.36-1
ii  libregexp-common-email-address-perl  1.01-4
ii  libregexp-common-perl                2016060801-1
ii  libstring-similarity-perl            1.04-1+b3
ii  libwww-curl-perl                     4.17-2+b1
ii  libxml-xpath-perl                    1.36-1
ii  libyaml-libyaml-perl                 0.41-6+b1
ii  lynx                                 2.8.9dev9-1
ii  perl                                 5.22.2-1
ii  publicsuffix                         20160613-1

duck recommends no packages.

Versions of packages duck suggests:
ii  bzr         2.7.0-7
ii  git         1:2.8.1-1
ii  mercurial   3.8.3-1
ii  subversion  1.9.4-1

-- no debconf information

Bug#827707: duck: Should not report sites which are available via HTTPS but redirect from HTTPS to HTTP

Reply via email to