
bug#47823: Hardenize Guix website TLS/DNS


From: Dr. Arne Babenhauserheide
Subject: bug#47823: Hardenize Guix website TLS/DNS
Date: Fri, 16 Apr 2021 23:36:15 +0200
User-agent: mu4e 1.4.15; emacs 27.2

Leo Famulari <leo@famulari.name> writes:

>> - Force redirection of insecure connection with plain text to TLS
>> - HSTS/HSTS-preload support missing (important)
>
> Yes, we should enable these.

Be careful with HSTS, it can make the site inaccessible if you lose
access to a certificate and have to replace it. And yes, that can happen
easily, and you then won’t have a way to inform visitors why they cannot
access the site. If you enable it, make absolutely sure that the max-age
is short enough.

Best wishes,
Arne
-- 
To be unpolitical
means to be political
without noticing it

Attachment: signature.asc
Description: PGP signature
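
The max-age concern raised in the message above, as an added example that is not part of the original message or of the Guix project's configuration: a small auditor that parses a `Strict-Transport-Security` value following RFC 6797 and reports what would be hard to roll back. The `ROLLBACK_BUDGET` threshold, the function names and the sample headers are assumptions made for illustration.

```python
import re

# Assumed rollback budget (hypothetical, tune per site): the longest lockout
# the operators could tolerate if TLS breaks while browsers cache the policy.
ROLLBACK_BUDGET = 7 * 24 * 3600
PRELOAD_MIN_AGE = 31536000  # one year, the hstspreload.org submission minimum

def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns {directive: value-or-None} with max-age as int, or None when a
    browser would ignore the header as invalid.
    """
    directives = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not name:
            continue  # empty directives are permitted by the grammar
        if name in directives:
            return None  # a repeated directive invalidates the header
        directives[name] = value.strip().strip('"') if sep else None
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is required and must be whole seconds
    directives["max-age"] = int(age)
    return directives

def audit_hsts(header, budget=ROLLBACK_BUDGET):
    """List what makes this policy hard to undo after a TLS failure."""
    policy = parse_hsts(header)
    if policy is None:
        return ["invalid: browsers ignore the header, no HSTS in effect"]
    findings, age = [], policy["max-age"]
    if age == 0:
        findings.append("max-age=0: browsers drop any cached policy")
    elif age > budget:
        findings.append(f"max-age {age}s exceeds rollback budget {budget}s")
    if "includesubdomains" in policy:
        findings.append("includeSubDomains: all subdomains need valid TLS")
    if "preload" in policy:
        ok = age >= PRELOAD_MIN_AGE and "includesubdomains" in policy
        findings.append("preload: " + ("eligible for browser preload lists"
                        if ok else "below preload-list requirements"))
    return findings

if __name__ == "__main__":
    # Constructed sample headers, not taken from the Guix website.
    for h in ("max-age=300", "max-age=63072000; includeSubDomains; preload"):
        print(h, "->", audit_hsts(h) or ["within budget"])
```

An empty findings list means the header stays within the assumed budget; a staged rollout would start there and raise max-age only once certificate renewal has proven reliable.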

