On Fri, Mar 27, 2015 at 3:33 PM, Hanno Böck <ha...@gentoo.org> wrote:
> I'd propose the following:
> * Make all pages under .gentoo.org https by default
> * Make sure all use modern HTTPS features, including:
>   * OCSP Stapling
>   * HSTS
>   * A secure collection of cipher suites
>   * (one may add HPKP here, but it requires careful planning and has the
>     potential to lock people out of the page if done wrong)
>
> (On the long term I think it would also be good to have downloads over
> https, but I'm aware that this is more difficult as it involves mirror
> operators that are not under direct control of gentoo infrastructure.)

I'm with you!

Cheers,

Dirkjan