To whom it may concern:
First of all, sorry for emailing the list just because I am not yet a
registered GitHub user. I hope this is at least the right list, since the
issue in question ( https://github.com/EFForg/https-everywhere/issues/849 )
is primarily about rulesets. The comment about batch-disabling rulesets gave
me some sense of urgency ...
The problem is that the script that generated the listing seems to have
parsed only the targets of each ruleset, without any understanding of
cross-domain rewrites.
In particular, every domain in the "bit.ly vanity domains" ruleset
(Bit.ly_vanity_domains.xml) is a false positive; the custom domains don't
listen for https as-is, but it's still true that they're generally
rewritable to bit.ly.
There may be other unrelated false positives, but detecting them
intelligently is beyond the scope of this email.
As usual, thank you very much, and sorry for any inconvenience.
Christopher Liu (from new email address)
