Fwd: Chrome will show security warnings on http://sourceware.org

Fwd: Chrome will show security warnings on http://sourceware.org

[Ian Lance Taylor]

Google is encouraging us to automatically switch to https, and is
threatening to issue security warnings if we don't.

Ian


---------- Forwarded message ----------
From: Google Search Console Team <sc-noreply@google.com>
Date: Thu, Aug 17, 2017 at 3:41 PM
Subject: Chrome will show security warnings on http://sourceware.org
To: ianlancetaylor@gmail.com


Message type: [WNC-10038795]
Search Console

Chrome will show security warnings on http://sourceware.org

To owner of http://sourceware.org,

Starting October 2017, Chrome (version 62) will show a “NOT SECURE”
warning when users enter text in a form on an HTTP page, and for all
HTTP pages in Incognito mode.

The following URLs on your site include text input fields (such as <
input type="text" > or < input type="email" >) that will trigger the
new Chrome warning. Review these examples to see where these warnings
will appear, so that you can take action to help protect users’ data.
This list is not exhaustive.

http://sourceware.org/gdb/wiki/GDB_8.0_Release

http://sourceware.org/gdb/wiki/MultiProcess

http://sourceware.org/gdb/wiki/ReverseDebug

The new warning is part of a long term plan to mark all pages served
over HTTP as “not secure”.

Here’s how to fix this problem:

Migrate to HTTPS

To prevent the “Not Secure” notification from appearing when Chrome
users visit your site, only collect user input data on pages served
using HTTPS.

Read about HTTPS

Need more help?

• Learn more about this change in the blog post Next Steps Towards
More Connection Security.
• Learn how to Secure your site with HTTPS.
• Ask questions in our forum for more help - mention message type
[WNC-10038795].
Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 |
Unsubscribe from this type of message
Add partners who should receive messages for this Search Console account.

Re: Chrome will show security warnings on http://sourceware.org

[Andrew Pinski]

On Thu, Aug 17, 2017 at 4:59 PM, Ian Lance Taylor
<ianlancetaylor@gmail.com> wrote:
> Google is encouraging us to automatically switch to https, and is
> threatening to issue security warnings if we don't.

http://sourceware.org/gdb/wiki/GDB_8.0_Release
Automatically goes to:
https://sourceware.org/gdb/wiki/GDB_8.0_Release

And has for a while now as far as I Know.

Thanks,
Andrew

>
> Ian
>
>
> ---------- Forwarded message ----------
> From: Google Search Console Team <sc-noreply@google.com>
> Date: Thu, Aug 17, 2017 at 3:41 PM
> Subject: Chrome will show security warnings on http://sourceware.org
> To: ianlancetaylor@gmail.com
>
>
> Message type: [WNC-10038795]
> Search Console
>
> Chrome will show security warnings on http://sourceware.org
>
> To owner of http://sourceware.org,
>
> Starting October 2017, Chrome (version 62) will show a “NOT SECURE”
> warning when users enter text in a form on an HTTP page, and for all
> HTTP pages in Incognito mode.
>
> The following URLs on your site include text input fields (such as <
> input type="text" > or < input type="email" >) that will trigger the
> new Chrome warning. Review these examples to see where these warnings
> will appear, so that you can take action to help protect users’ data.
> This list is not exhaustive.
>
> http://sourceware.org/gdb/wiki/GDB_8.0_Release
>
> http://sourceware.org/gdb/wiki/MultiProcess
>
> http://sourceware.org/gdb/wiki/ReverseDebug
>
> The new warning is part of a long term plan to mark all pages served
> over HTTP as “not secure”.
>
> Here’s how to fix this problem:
>
> Migrate to HTTPS
>
> To prevent the “Not Secure” notification from appearing when Chrome
> users visit your site, only collect user input data on pages served
> using HTTPS.
>
> Read about HTTPS
>
> Need more help?
>
> • Learn more about this change in the blog post Next Steps Towards
> More Connection Security.
> • Learn how to Secure your site with HTTPS.
> • Ask questions in our forum for more help - mention message type
> [WNC-10038795].
> Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 |
> Unsubscribe from this type of message
> Add partners who should receive messages for this Search Console account.

Re: Chrome will show security warnings on http://sourceware.org

[Joseph Myers]

On Thu, 17 Aug 2017, Andrew Pinski wrote:

> On Thu, Aug 17, 2017 at 4:59 PM, Ian Lance Taylor
> <ianlancetaylor@gmail.com> wrote:
> > Google is encouraging us to automatically switch to https, and is
> > threatening to issue security warnings if we don't.
> 
> http://sourceware.org/gdb/wiki/GDB_8.0_Release
> Automatically goes to:
> https://sourceware.org/gdb/wiki/GDB_8.0_Release
> 
> And has for a while now as far as I Know.

Only because you've visited the https pages and so have HSTS state in your 
browser.  There's no HTTP redirect (permanent) from http and https.  Both 
are useful: the redirect to catch cases without HSTS state, the HSTS to 
avoid some connections following old links ever touching plain http at 
all.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: Fwd: Chrome will show security warnings on http://sourceware.org

[Hans-Peter Nilsson]

On Thu, 17 Aug 2017, Ian Lance Taylor wrote:
> Google is encouraging us to automatically switch to https, and is
> threatening to issue security warnings if we don't.

(That's rephrased; the warning was about pages with text forms.)

Let's please keep serving pages and search forms by http, as
ISTM that will reach more people (as I hope is the goal) than
forcing them to use https.

I suggest no action.

brgds, H-P