From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 81331 invoked by alias); 20 May 2016 20:47:36 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 81315 invoked by uid 89); 20 May 2016 20:47:35 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.8 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=corinnacygwincygwincom, corinna-cygwin@cygwin.com, U*corinna-cygwin, sk:corinna X-HELO: etr-usa.com Received: from etr-usa.com (HELO etr-usa.com) (130.94.180.135) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 20 May 2016 20:47:25 +0000 Received: (qmail 84192 invoked by uid 13447); 20 May 2016 20:47:23 -0000 Received: from unknown (HELO polypore.west.etr-usa.com) ([73.26.17.49]) (envelope-sender ) by 130.94.180.135 (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for ; 20 May 2016 20:47:23 -0000 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: Proposed patch for web site: update most links to HTTPS From: Warren Young In-Reply-To: <20160520163624.GA22065@calimero.vinschen.de> Date: Fri, 20 May 2016 20:47:00 -0000 Content-Transfer-Encoding: quoted-printable Message-Id: <01915E6D-0EEC-46D9-AD25-6A205358EE6E@etr-usa.com> References: <20160520163624.GA22065@calimero.vinschen.de> To: cygwin@cygwin.com X-IsSubscribed: yes X-SW-Source: 2016-05/txt/msg00241.txt.bz2 On May 20, 2016, at 10:36 AM, Corinna Vinschen = wrote: >=20 > On Apr 24 17:18, Brian Clifton wrote: >>=20 >> This patch (see below) will update most of the urls to HTTPS. >=20 > Since Cygwin.com redirects http requests to https anyway, all links > to cygwin.com (or, FWIW, sourceware.org) will end up as https requests > anyway. Additionally, cygwin.com is using HSTS with a half-year expiration time, wh= ich means you=E2=80=99ll only visit via HTTP *once*, ever, unless you stop = visiting cygwin.com for over half a year. Excepting that case, any HSTS-co= mpliant web client will use HTTPS even if you type HTTP. https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security You can fix the remaining TOFU problem with the EFF=E2=80=99s =E2=80=9CHTTP= S Everywhere=E2=80=9D plugin for Firefox, Chrome, and Opera: https://www.eff.org/HTTPS-everywhere https://en.wikipedia.org/wiki/Trust_on_first_use https://www.eff.org/https-everywhere/atlas/domains/cygwin.com.html > wouldn't it make sense then to avoid absolute links > to cygwin.com and rather convert them to relative links Internal links within the docs should always use relative URLs, but externa= l links should be absolute. Why? Install cygwin-doc, then say: $ info cygwin-ug-net Now drill down to Cygwin Overview > A brief history of the Cygwin project. = The first cygwin.com link (to the ML) should be absolute, but the second (= to using-utils.html) should be relative so info(1) can follow it. (Actually, the problem with the second link is that it=E2=80=99s probably u= sing the wrong DocBook link type, so it=E2=80=99s forced to consider it a w= eb link, instead of realizing that it can resolve it as an internal cross-r= eference.) -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple