On Thu, Aug 31, 2017 at 9:10 PM, Ask Bjørn Hansen <a...@perl.org> wrote:
> Hi everyone, > > We’re considering how/how-much we can make www.cpan.org TLS-only. > http://log.perl.org/2017/08/tls-only-for-wwwcpanorg.html > > I expect that we can’t make the whole site TLS-only without breaking some > CPAN clients, so the conservative version is to force TLS for > > - any url ending in *.html > - any url not in matching some variation of > (/authors/ | /MIRRORED.BY | ^/modules/[^/]+ ) > > Does that sound about right? Maybe /src/, too? > > > Are those "OR" conditions? "*.html" OR not in /authors/, etc/? Among things that should allow non-TLS: I would include /src/. Also the top-level RECENT files, things in /indices/. David -- David Golden <x...@xdg.me> Twitter/IRC/GitHub: @xdg