Hi everyone, We’re considering how/how-much we can make www.cpan.org TLS-only. http://log.perl.org/2017/08/tls-only-for-wwwcpanorg.html
I expect that we can’t make the whole site TLS-only without breaking some CPAN clients, so the conservative version is to force TLS for - any url ending in *.html - any url not in matching some variation of (/authors/ | /MIRRORED.BY | ^/modules/[^/]+ ) Does that sound about right? Maybe /src/, too? (Also - we will support TLS for www.cpan.org permanently now, so please update URLs where possible and appropriate). Ask