Feb 26, 2019, 2:45 PM by iknowjos...@gmail.com: > I can see in the comments of your diary entry that you were told about HSTS > recently. I'm not trying to be offensive, but that shows you're not a HTTPS / > web security expert. Do you really think you're the person to be making world > wide automatic changes to the database? > Ekhmm? Why you think that running OSM bot requires being a HTTPS / web security expert?
Making designed search-replace scripts requires no knowledge from this fields. > Again, are you checking https certificates? Do you know that the https site > actually works? > Is it really useful? If http redirects to https then what is the difference here? > Are you checking the redirect code? Do you differentiate between temporary > and permanent redirects? > Good question. Only permanent ones should be followed. > Are redirects even that bad? If I was to set up some careful redirects and > have them ignored by a bot that thinks it knows better, I may be a little > annoyed. What about geographic redirects? > http://example.com > <http://example.com>> becomes > https://de.example.com > <https://de.example.com>> , for example. > I asked about this - redirects changing anything more than changing "http" to "https" are supposed to be skipped. > I can see that you want to promote https adoption, but I can't see that the > OSM database is the place to do it. > I see it as "automatically fixing outdated data that can be fixed using an automated script".
_______________________________________________ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
