I think redirecting http://kudu.apache.org to https://kudu.apache.org would be a great step. Adding https to the jenkins instance would also be nice, but there may be some complication because of the infra it's hosted on (I think a Cloudera-managed GCE instance?).
- Dan On Wed, Jul 25, 2018 at 12:55 PM, Attila Bukor <abu...@apache.org> wrote: > Hi Everyone, > > I've noticed that our infra is somewhat lacking in terms of security: > > - http://kudu.apache.org doesn't redirect to https://kudu.apache.org > - https://jenkins.kudu.apache.org doesn't exist, even though secure > information > is sent to this server (passwords) > > The newest Chrome release will show warnings when connecting to http:// > sites[1], so I think it's about time to fix these and I'd like to > volunteer to > do it. > > What are your thoughts? Please let me know if I missed any other > security/infra-related shortcomings. > > Thanks, > Attila > > [1] https://www.wired.com/story/google-chrome-https-not-secure-label/ >
