Hello,

Thanks for this suggestion, but I think there is a bug in detecting whether
a given website offers the same content via HTTPS as via HTTP:

My check should *not* allow/follow a redirect back to HTTP if I am
checking for content via HTTPS, so this is clearly a bug. If this were
working correctly, the issue you mentioned should not be possible.

I will fix this - either by fixing my check routines or by following
your suggestion.

Thanks,
Simon


On 2016-06-20 at 02:39, Axel Beckert wrote:
> Package: duck
> Version: 0.9
> Severity: wishlist
> 
> Dear Maintainer,
> 
> duck reported the following for the screen package:
> 
> I: debian/patches/52fix_screen_utf8_nfd.patch:10: URL:
> http://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug:
> INFORMATION (Certainty:possible) The web page at
> http://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug works,
> but is also available via
> https://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug, please
> consider switching to HTTPS urls.
> 
> But https://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug 
> redirects back to 
> http://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug
> 
> So if I change this as recommended, I get again a warning:
> 
> I: debian/patches/52fix_screen_utf8_nfd.patch:10: URL:
> https://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug:
> INFORMATION (Certainty:possible) Secure URL redirects to an insecure
> URL: https://d.hatena.ne.jp -> http://d.hatena.ne.jp
> 
> I suggest avoiding the initial warning if HTTPS redirects back to
> HTTP, but keeping the latter warning.
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers unstable
>   APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'),
>   (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'),
>   (1, 'buildd-experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.6.0-trunk-amd64 (SMP w/8 CPU cores)
> Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
> 
> Versions of packages duck depends on:
> ii  devscripts                           2.16.5
> ii  dpkg-dev                             1.18.7
> ii  libconfig-inifiles-perl              2.89-1
> ii  libconfig-simple-perl                4.59-6
> ii  libdomain-publicsuffix-perl          0.10-1
> ii  libfile-which-perl                   1.21-1
> ii  libmailtools-perl                    2.13-1
> ii  libnet-dns-perl                      1.05-2
> ii  libparse-debcontrol-perl             2.005-4
> ii  libpath-class-perl                   0.36-1
> ii  libregexp-common-email-address-perl  1.01-4
> ii  libregexp-common-perl                2016060801-1
> ii  libstring-similarity-perl            1.04-1+b3
> ii  libwww-curl-perl                     4.17-2+b1
> ii  libxml-xpath-perl                    1.36-1
> ii  libyaml-libyaml-perl                 0.41-6+b1
> ii  lynx                                 2.8.9dev9-1
> ii  perl                                 5.22.2-1
> ii  publicsuffix                         20160613-1
> 
> duck recommends no packages.
> 
> Versions of packages duck suggests:
> ii  bzr         2.7.0-7
> ii  git         1:2.8.1-1
> ii  mercurial   3.8.3-1
> ii  subversion  1.9.4-1
> 
> -- no debconf information
> 
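
The behaviour discussed in both messages, as an added example that is not duck's code and not part of either message: redirects are followed hop by hop, so an HTTPS probe that is sent back to HTTP never counts as an HTTPS equivalent, while an HTTPS URL that downgrades still gets the warning. The `fetch` callback, the hostnames, the exact-match body comparison and the returned strings are assumptions made for this example.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
MAX_HOPS = 10  # assumption: hop limit picked for this example

def follow(url, fetch):
    """Follow redirects hop by hop; return (status, body, downgraded).

    fetch(url) -> (status, location, body) is an injected transport, so each
    hop is inspected instead of being hidden by an auto-following client.
    """
    seen = {url}
    for _ in range(MAX_HOPS):
        status, location, body = fetch(url)
        if status not in REDIRECTS or not location:
            return status, body, False
        target = urljoin(url, location)  # Location may be relative
        if urlsplit(url).scheme == "https" and urlsplit(target).scheme != "https":
            return status, None, True  # stop here: never follow HTTPS -> HTTP
        if target in seen:
            break
        seen.add(target)
        url = target
    return 0, None, False  # loop or too many hops: treat as unreachable

def check_url(url, fetch):
    """Advice for one URL: 'suggest-https', 'warn-downgrade' or 'ok'."""
    if urlsplit(url).scheme == "https":
        return "warn-downgrade" if follow(url, fetch)[2] else "ok"
    status, body, _ = follow(url, fetch)
    twin = "https://" + url.split("://", 1)[1]
    t_status, t_body, downgraded = follow(twin, fetch)
    same = status == 200 and t_status == 200 and body == t_body
    return "suggest-https" if same and not downgraded else "ok"

# Constructed responses (not captured traffic): example.test redirects its
# HTTPS URL back to HTTP, as in the report; secure.test serves both schemes.
SAMPLE = {
    "http://example.test/page": (200, None, "hello"),
    "https://example.test/page": (302, "http://example.test/page", ""),
    "http://secure.test/page": (200, None, "hello"),
    "https://secure.test/page": (301, "/page/", ""),
    "https://secure.test/page/": (200, None, "hello"),
}

def sample_fetch(url):
    return SAMPLE.get(url, (404, None, ""))
```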
