https://bz.apache.org/bugzilla/show_bug.cgi?id=65345
--- Comment #3 from J.M. (Martijn) Kruithof <j...@apache.org> --- If there is 1) not legal reason to have http instead of https in the snippet referring to the location of the actual license, 2) there is a security reason to use https in the snippet (avoiding MiTM / supply chain attacks) 3) the http version is a permanent redirect to the https version and not the document itself 4) the FAQ also points to the https version What would be the reason to refer to the http version instead? Note again this is not about the link in the license itself, that has been kept at http. In my daytime job I have been confronted with several attacks of the 2nd kind, especially on wifi networks that should not have been trusted by the user. -- You are receiving this mail because: You are the assignee for the bug.
