This repository has been archived by the owner on Jan 14, 2021. It is now read-only.
Page only partly encrypted #95
Labels
Comments
|
This seems to be fixed now unless the images are loaded because of the fedmsg history, which takes very long to load right now (did not finish after several minutes). |
|
The oldest history entry that is shown says "4 months ago", so the ones I saw in 2014 aren't there now, but the pictures from Gravatar that I see today are linked by HTTPS. There is also https://fedoraproject.org/w/uploads/2/20/Artwork_DesignService_koji-icon-48.png now, so it seems likely that the problem has gone away. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Seamonkey warns me that https://apps.fedoraproject.org/packages/mysql-connector-python contains some unencrypted information. It isn't always clear what that warning refers to, but in this case there are at least these three images being fetched over insecure HTTP:
http://fedoraproject.org/w/uploads/2/20/Artwork_DesignService_koji-icon-48.png
http://www.gravatar.com/avatar/8a44a1890dfcc7478bc71a7f111c89c1?s=64&d=http%3A%2F%2Ffedoraproject.org%2Fstatic%2Fimages%2Ffedora_infinity_64x64.png
http://www.gravatar.com/avatar/f81fdda1398afa5f48810372fac821a9?s=64&d=http%3A%2F%2Ffedoraproject.org%2Fstatic%2Fimages%2Ffedora_infinity_64x64.png
Fedora Packages is obviously meant to use HTTPS because http://apps.fedoraproject.org/packages/ is redirected to https://apps.fedoraproject.org/packages/. Then it should be consistent and use HTTPS for all components.
In another browser which has HTTPS Everywhere installed there is no warning, and the three images are fetched over HTTPS. The need to notify Automattic every time someone loads a Fedora page is questionable, but obviously it's at least possible to do it without everyone else listening in.
The text was updated successfully, but these errors were encountered: