On Wed, Aug 8, 2018 at 9:46 AM, Attila Bukor <abu...@apache.org> wrote:
> On Thu, Aug 02, 2018 at 01:20:39PM -0700, Mike Percy wrote: > > I don't really think it's a major security issue since passwords and > > personal credentials are not transmitted over http. > Yeah, this is more like a nice to have to prevent Chrome from > complaining. > > > > However +1 from me, we should be able to do the http -> https redirect in > > the .htaccess file @ https://github.com/apache/ > kudu/blob/gh-pages/.htaccess > Nice, thanks, didn't know .htaccess is checked in. Just submitted a > review: https://gerrit.cloudera.org/c/11162/ > > > > Mike > > > > On Thu, Aug 2, 2018 at 12:21 PM Dan Burkert <danburk...@apache.org> > wrote: > > > > > I think redirecting http://kudu.apache.org to https://kudu.apache.org > > > would > > > be a great step. Adding https to the jenkins instance would also be > nice, > > > but there may be some complication because of the infra it's hosted on > (I > > > think a Cloudera-managed GCE instance?). > Dan, do you know who manages this part of the infra? > Usually that's me. We are just using https://github.com/carlossg/jenkins-swarm-docker to start the Jenkins server. -Todd > > > > > > > - Dan > > > > > > On Wed, Jul 25, 2018 at 12:55 PM, Attila Bukor <abu...@apache.org> > wrote: > > > > > > > Hi Everyone, > > > > > > > > I've noticed that our infra is somewhat lacking in terms of security: > > > > > > > > - http://kudu.apache.org doesn't redirect to https://kudu.apache.org > > > > - https://jenkins.kudu.apache.org doesn't exist, even though secure > > > > information > > > > is sent to this server (passwords) > > > > > > > > The newest Chrome release will show warnings when connecting to > http:// > > > > sites[1], so I think it's about time to fix these and I'd like to > > > > volunteer to > > > > do it. > > > > > > > > What are your thoughts? Please let me know if I missed any other > > > > security/infra-related shortcomings. > > > > > > > > Thanks, > > > > Attila > > > > > > > > [1] https://www.wired.com/story/google-chrome-https-not- > secure-label/ > > > > > > > > -- Todd Lipcon Software Engineer, Cloudera