On Fri, 1 Sep 2017, Ask Bjørn Hansen wrote:
Date: Fri, 1 Sep 2017 03:10:12 +0200
From: Ask Bjørn Hansen <a...@perl.org>
To: cpan-workers@perl.org
Subject: Making www.cpan.org TLS-only
Hi everyone,
We’re considering how/how-much we can make www.cpan.org TLS-only.
http://log.perl.org/2017/08/tls-only-for-wwwcpanorg.html
I expect that we can’t make the whole site TLS-only without breaking
some CPAN clients, so the conservative version is to force TLS for
- any url ending in *.html
- any url not in matching some variation of
(/authors/ | /MIRRORED.BY | ^/modules/[^/]+ )
If you exclude /MIRRORED.BY, perhaps /indices/mirrors.json
should be excluded too ; same stuff, only machine-readable.
Does that sound about right? Maybe /src/, too?
It sounds arbitrary :-) ; Exceptions cause confusion.
Is it too dangerous to just do it and fix what's broken ?
You can always revert quickly.
Ask
Regards,
Henk Penning
------------------------------------------------------------ _
Henk P. Penning, ICT-beta R Uithof HFG-406 _/ \_
Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
