On Thu, 2020-03-19 at 16:40 +0100, David Marchand wrote: > On Thu, Mar 19, 2020 at 10:01 AM Thomas Monjalon <tho...@monjalon.net > > wrote: > > 19/03/2020 09:28, David Marchand: > > > for file in $(git grep -l http://.*dpdk.org doc/); do > > > sed -i -e 's#http://\(.*dpdk.org\)#https://\1#g' $file; > > > done > > > > > > Cc: sta...@dpdk.org > > > > > > Signed-off-by: David Marchand <david.march...@redhat.com> > > > --- > > > + # links must prefer https over http > > > + awk -v FOLDERS='doc' \ > > > + -v EXPRESSIONS='http://.*dpdk.org' \ > > > + -v RET_ON_FAIL=1 \ > > > + -v MESSAGE='Using non https link to dpdk.org' \ > > > + -f $(dirname $(readlink -f $0))/check-forbidden- > > > tokens.awk \ > > > + "$1" || res=1 > > > > Interesting policy. > > When no authentication is required, I was trying to use simple > > http, > > in the hope of making access faster. > > What is the benefit of https for documentation? Avoid man-in-the- > > middle? > > People probably don't notice the little extra time required to load a > page via https. > > Trying to go to dpdk.org with simple http: gets you redirected to > https:. > Then you browse down to the documentation with https, and finally you > find some links in https. > This is odd, but not a problem, I agree. > > All in all, I prefer a simple policy that works in most cases rather > than this rule that we must be aware of when reviewing doc patches.
The main benefit of using https everywhere is that it generates a lot of noise - so when it actually matters, encrypted traffic doesn't stand out as an exception easy to flag and store for later decryption -- Kind regards, Luca Boccassi
