On 09/01/2014 02:34 PM, Michael Manfre wrote: > On Mon, Sep 1, 2014 at 2:12 PM, Aymeric Augustin > <[email protected] > <mailto:[email protected]>> wrote: > > If we recommend HSTS, we need visible warnings and a small duration > in examples, for people who copy-paste without reading. > > > The default duration should also be less than a day for the exact reason > brought up. The visible warnings could state why it is a good idea to > increase the duration, after it is tested in production.
There is no default duration; the default is no HSTS at all. Tim has updated the documentation to warn about the possible issues, and recommend testing with a short duration before increasing. Carl -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/540615E7.9060408%40oddbird.net. For more options, visit https://groups.google.com/d/optout.
