Since Monday morning, we've had https://git.exim.org available. http://git.exim.org is still available.
Does anyone have strong opinions over whether or not http://git should force-redirect to https://git ? For FTP site contents, it doesn't make much sense, since ftp:// remains available and all retrievable code objects have signatures. For git ... as far as I know, we don't have cloneable resources available over http/https, so there's no repo breakage to risk. We also don't currently have authenticated access and so the risk of private repo access. So there's nothing too significant to risk. But on the principle of "encrypted by default", we could do it, and perhaps set some HTTP security headers. Any opinions from those involved in dev? -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
