Hi everyone,
We’re considering how/how-much we can make www.cpan.org TLS-only.
http://log.perl.org/2017/08/tls-only-for-wwwcpanorg.html
I expect that we can’t make the whole site TLS-only without breaking some CPAN
clients, so the conservative version is to force TLS for
- any url ending in *.html
- any url not in matching some variation of
(/authors/ | /MIRRORED.BY | ^/modules/[^/]+ )
Does that sound about right? Maybe /src/, too?
(Also - we will support TLS for www.cpan.org permanently now, so please update
URLs where possible and appropriate).
Ask
