Hi,

On Sun, 09 Feb 2020 at 17:05:11 +0100, Florian Effenberger wrote:
> - Chrome seems to disable insecure (i.e. FTP and HTTP) downloads from secure
> websites (HTTPS) like ours in the future.

AFAICT only http:// mirror baseURLs are impacted, because the download
page doesn't redirect to ftp:// nor rsync:// links.

In the past 2 years or so I've regularly run a script to upgrade
baseURLs (typical case is when the operator of an old mirror silently
adds TLS support).  Right now 72/113 (63.71%) have an https:// base URL.
Grouping by region,

 region | insecure | total | ratio 
--------+----------+-------+-------
 af     |        2 |     4 | 50.00
 na     |        6 |    13 | 46.00
 eu     |       23 |    62 | 37.00
 oc     |        1 |     3 | 33.00
 as     |        5 |    17 | 29.00
 sa     |        4 |    14 | 28.00

and by country (only for ratio ≥50%)

 country | insecure | total | ratio  
---------+----------+-------+--------
 pl      |        1 |     1 | 100.00
 tr      |        1 |     1 | 100.00
 za      |        1 |     1 | 100.00
 nc      |        1 |     1 | 100.00
 ru      |        2 |     2 | 100.00
 kr      |        1 |     1 | 100.00
 at      |        1 |     1 | 100.00
 lk      |        1 |     1 | 100.00
 by      |        1 |     1 | 100.00
 bw      |        1 |     1 | 100.00
 ro      |        1 |     1 | 100.00
 ba      |        1 |     1 | 100.00
 bd      |        1 |     1 | 100.00
 pt      |        2 |     3 |  66.00
 hu      |        2 |     3 |  66.00
 cz      |        1 |     2 |  50.00
 br      |        4 |     8 |  50.00
 jp      |        1 |     2 |  50.00
 ca      |        1 |     2 |  50.00
 id      |        1 |     2 |  50.00
 us      |        5 |    10 |  50.00
 dk      |        1 |     2 |  50.00

It's not clear to me how disruptive the change will be in practice,
because we have redirects between the download page and the actual
mirror.  However https:// adoption is at a point where we could remove
http:// base URLs without notice without causing too much disruption on
the remaining mirrors nor users (except perhaps those in South Africa
and Russia).

Also, the target mirror is sent to Matomo like other download metrics.
In January I see 3 (resp. 12) HTTP mirrors with ≥2% (resp. ≥1%) of
redirects.  Among these only the Russian mirrors don't have an HTTPS
fallback nearby (but we have some in Eastern Europe and Asia).

-- 
Guilhem.
