On Thu, Aug 02, 2018 at 01:20:39PM -0700, Mike Percy wrote: > I don't really think it's a major security issue since passwords and > personal credentials are not transmitted over http. Yeah, this is more like a nice to have to prevent Chrome from complaining. > > However +1 from me, we should be able to do the http -> https redirect in > the .htaccess file @ https://github.com/apache/kudu/blob/gh-pages/.htaccess Nice, thanks, didn't know .htaccess is checked in. Just submitted a review: https://gerrit.cloudera.org/c/11162/ > > Mike > > On Thu, Aug 2, 2018 at 12:21 PM Dan Burkert <danburk...@apache.org> wrote: > > > I think redirecting http://kudu.apache.org to https://kudu.apache.org > > would > > be a great step. Adding https to the jenkins instance would also be nice, > > but there may be some complication because of the infra it's hosted on (I > > think a Cloudera-managed GCE instance?). Dan, do you know who manages this part of the infra? > > > > - Dan > > > > On Wed, Jul 25, 2018 at 12:55 PM, Attila Bukor <abu...@apache.org> wrote: > > > > > Hi Everyone, > > > > > > I've noticed that our infra is somewhat lacking in terms of security: > > > > > > - http://kudu.apache.org doesn't redirect to https://kudu.apache.org > > > - https://jenkins.kudu.apache.org doesn't exist, even though secure > > > information > > > is sent to this server (passwords) > > > > > > The newest Chrome release will show warnings when connecting to http:// > > > sites[1], so I think it's about time to fix these and I'd like to > > > volunteer to > > > do it. > > > > > > What are your thoughts? Please let me know if I missed any other > > > security/infra-related shortcomings. > > > > > > Thanks, > > > Attila > > > > > > [1] https://www.wired.com/story/google-chrome-https-not-secure-label/ > > > > >
signature.asc
Description: PGP signature
