Control: tags -1 + wontfix On Tue, 2016-05-17 at 15:44 +0800, Paul Wise wrote: > On Tue, May 17, 2016 at 7:13 AM, Josh Triplett wrote: > > > https://www.debian.org/ (and other Debian sites) serve a > > Strict-Transport-Security header to enable HSTS. Please consider > > enabling preloading as well; see https://hstspreload.appspot.com/ > > Unfortunately we can't do that because they only allow top-level > domains to be preloaded and not all debian.org subdomains support > https (and some never will, like nossl.people.debian.org). If that > requirement were to be relaxed then we could get added to the preload > list.
It looks like that requirement is still present a decade later. Regards, Adam
