tags 827707 pending thanks This issue is fixed and currently in the repo, commit bda736a6cad1807b2a20d03ae2a99b1b31cc3b38 [1]
Bye, Simon Am 2016-06-20 um 20:35 schrieb Simon Kainz: > Hello, > > thanks for this suggestion, but i think there is a bug in detecting, if > a given website offers the same content via HTTPS as via HTTP: > > My check should *not* allow/follow a redirect back to HTTP if i am > checking for content via HTTPS, so this is clearly a bug. If this would > be working correctly, the issue you mentioned should not be possible. > > I will fix this - either by fixing my check routines or by following > your suggestion. > > Thanks, > Simon > > > Am 2016-06-20 um 02:39 schrieb Axel Beckert: >> Package: duck Version: 0.9 Severity: wishlist >> >> Dear Maintainer, >> >> duck reported the following for the screen package: >> >> I: debian/patches/52fix_screen_utf8_nfd.patch:10: URL: >> http://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug: >> INFORMATION (Certainty:possible) The web page at >> http://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug works, >> but is also available via >> https://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug, please >> consider switching to HTTPS urls. >> >> But https://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug >> redirects back to >> http://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug >> >> So if I change this as recommend, I get again a warning: >> >> I: debian/patches/52fix_screen_utf8_nfd.patch:10: URL: >> https://d.hatena.ne.jp/mrkn/20101014/fix_screen_utf8_nfd_bug: >> INFORMATION (Certainty:possible) Secure URL redirects to an insecure >> URL: https://d.hatena.ne.jp -> http://d.hatena.ne.jp >> >> I suggest to avoid the initial warning if HTTPS redirects back to >> HTTP, but keep the latter warning. >> >> -- System Information: Debian Release: stretch/sid APT prefers >> unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, >> 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), >> (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: >> amd64 (x86_64) >> >> Kernel: Linux 4.6.0-trunk-amd64 (SMP w/8 CPU cores) Locale: >> LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked >> to /bin/dash Init: sysvinit (via /sbin/init) >> >> Versions of packages duck depends on: ii devscripts >> 2.16.5 ii dpkg-dev 1.18.7 ii >> libconfig-inifiles-perl 2.89-1 ii libconfig-simple-perl >> 4.59-6 ii libdomain-publicsuffix-perl 0.10-1 ii >> libfile-which-perl 1.21-1 ii libmailtools-perl >> 2.13-1 ii libnet-dns-perl 1.05-2 ii >> libparse-debcontrol-perl 2.005-4 ii libpath-class-perl >> 0.36-1 ii libregexp-common-email-address-perl 1.01-4 ii >> libregexp-common-perl 2016060801-1 ii >> libstring-similarity-perl 1.04-1+b3 ii libwww-curl-perl >> 4.17-2+b1 ii libxml-xpath-perl 1.36-1 ii >> libyaml-libyaml-perl 0.41-6+b1 ii lynx >> 2.8.9dev9-1 ii perl 5.22.2-1 ii >> publicsuffix 20160613-1 >> >> duck recommends no packages. >> >> Versions of packages duck suggests: ii bzr 2.7.0-7 ii git >> 1:2.8.1-1 ii mercurial 3.8.3-1 ii subversion 1.9.4-1 >> >> -- no debconf information >> >