https://bugs.kde.org/show_bug.cgi?id=393987

--- Comment #5 from Nikita Skovoroda <chalk...@gmail.com> ---
Yeah. The changes in Discover itself look good for now (assuming that
5d6593633f02 behaves like I think it does), but the webserver configuration
behind `distribute.kde.org` should also be changed, as people could copy-paste
the links from there.

E.g. when someone opens `http://distribute.kde.org/`, selects the link to
`http://distribute.kde.org/kdeapps.flatpakrepo` and copy-pastes it into Discover
— they retrieve the GPGKey (and the rest of the repo configuration) over http.

Reconfiguring the server to perform a redirect from http:// to https:// and
adding HSTS with `preload` should fix that specific chain — even when someone
types `http://distribute.kde.org/` into the browser, it would open
`https://distribute.kde.org/` and the user would receive a link with `https://`.

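An added example, not part of the comment above or of KDE's code: a check a defender could run against the server's responses to confirm the http-to-https redirect and the HSTS header proposed in the comment. The response tuples are constructed samples, and the one-year `max-age` floor and `includeSubDomains` are the preload list's submission requirements, which the comment does not spell out.

```python
from urllib.parse import urlsplit

PRELOAD_MIN_MAX_AGE = 31536000  # one year in seconds

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:  # RFC 6797 forbids repeating a directive
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"') if arg else None
    return directives

def audit(host, http_response, https_response):
    """Return the problems found; each response is (status, lower-case headers)."""
    problems = []
    status, headers = http_response
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 302, 307, 308):
        problems.append(f"http:// answers {status} instead of redirecting")
    elif target.scheme != "https" or target.hostname != host:
        problems.append("redirect does not lead to https:// on the same host")
    _, headers = https_response
    try:
        hsts = parse_hsts(headers.get("strict-transport-security", ""))
    except ValueError as exc:
        return problems + [f"invalid HSTS header: {exc}"]
    if not hsts:
        return problems + ["https:// response carries no HSTS header"]
    max_age = hsts.get("max-age") or ""
    if not (max_age.isascii() and max_age.isdigit()) or int(max_age) < PRELOAD_MIN_MAX_AGE:
        problems.append("HSTS max-age is missing or below one year")
    for flag in ("includesubdomains", "preload"):
        if flag not in hsts:
            problems.append(f"HSTS header lacks {flag}")
    return problems

# Constructed sample responses, not captured from the real server.
HOST = "distribute.kde.org"
PLAIN_HTTP = (200, {"content-type": "text/plain"})
REDIRECT = (301, {"location": "https://distribute.kde.org/kdeapps.flatpakrepo"})
WEAK_HTTPS = (200, {"strict-transport-security": "max-age=3600"})
GOOD_HTTPS = (200, {"strict-transport-security": "max-age=63072000; includeSubDomains; preload"})

if __name__ == "__main__":
    print(audit(HOST, PLAIN_HTTP, WEAK_HTTPS))
    print(audit(HOST, REDIRECT, GOOD_HTTPS))
```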