https://bugs.llvm.org/show_bug.cgi?id=40955
Bug ID: 40955
Summary: lists.llvm.org accepts passwords and is not requiring
an SSL connection.
Product: Website
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: General Website
Assignee: unassignedb...@nondot.org
Reporter: m...@sqlby.me
CC: llvm-bugs@lists.llvm.org, m...@sqlby.me
Inital report from Jonny Grant:
This page accepts passwords without being on a secure connection. Can llvm buy
the SSL certificate and simply redirect from http?
http://lists.llvm.org/cgi-bin/mailman/options/cfe-dev
Interestingly. There does seem to be an SSL certificate on the server:
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
the problem is that:
1. The http server doesn't refresh to https
2. the main clang page links to http
https://clang.llvm.org/get_involved.html
3. the mailmain https page even links back to plain http archive!
http://lists.llvm.org/pipermail/cfe-dev/
4. Even entering https://lists.llvm.org/ HTTPS redirects back to
http://lists.llvm.org/mailman/listinfo !
Fix is pretty easy, take mailman off http server http://lists.llvm.org/
and put a 302 redirect back to https://lists.llvm.org/
Cheers, Jonny
--
You are receiving this mail because:
You are on the CC list for the bug._______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
