Follow-up Comment #4, bug #6694 (project savane): > We definitely need [...] must [...]
Technically, no. mail.gna.org is only server using that feature, and that's non-critical (lists.gnu.org does ok without). Nevertheless, this seems to be the most reasonable solution for now. On a related matter, I also think it would be better to enforce secure=1 when the user clicks "stay in ssl mode" so that, eg, http://cvs.savannah.gnu.org does not get sent clear-text session cookies (http_s_:// would though but that's ok). This breaks the automatic http->https relocation, but security-wise, that's more logical - if you want to stay in ssl mode, you probably don't want your session cookies to be sent inadvertently clear-text. Good? :) _______________________________________________________ Reply to this item at: <http://gna.org/bugs/?func=detailitem&item_id=6694> _______________________________________________ Message posté via/par Gna! http://gna.org/ _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
