Joerg Sonnenberger via llvm-dev
2017-Jan-15 22:30 UTC
[llvm-dev] [SERVER UPDATE] Moving clang, clang-analyzer, libcxxabi, libcxx ... websites to new server
On Sun, Jan 15, 2017 at 04:25:16PM -0500, James Knight wrote:> On Jan 15, 2017, at 9:19 AM, Joerg Sonnenberger via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > On Fri, Jan 13, 2017 at 04:07:48PM -0500, James Y Knight via llvm-dev wrote: > >> But beyond that: there's no downside. Why should *anyone* continue to serve > >> http traffic? It's just all around better and safer to require https, for > >> everything, always. > > > > I take you haven't tried to use WiFi at UK airports or coaches recently? > > There are a lot of other places with completely broken "transparent" > > proxies and forcing HTTPS (especially in combination with HTST) makes > > the network unusable. > > > No, I haven't had the pleasure recently, so I'm not aware of what you're talking about.You said there is no downside. I've demonstrated a situation people can face right now where it can make a website unusable. Don't handwave away the cost of forcing HTTPS, it adds overhead for all involved parties. Don't get me wrong, I'm all for properly supporting HTTPS everywhere, but it is not without downsides. Joerg
Mike Edwards via llvm-dev
2018-Dec-19 06:24 UTC
[llvm-dev] [SERVER UPDATE] Moving clang, clang-analyzer, libcxxabi, libcxx ... websites to new server
Hi, I know this thread is quite old, however, I am about to start working on: https://bugs.llvm.org/show_bug.cgi?id=39309 and I couldn't quite tell if there was any real consensus reached in this thread? Are folks okay with me changing the Apache configs to force a redirect to HTTPS for all of the llvm.org landing pages? Honestly, just from an administration standpoint it would be much easier if I could make everything work the same way. I understand it will incur some overhead processing costs for some people and I'm sorry for any inconvenience. I feel, in this case, the simplicity of maintaining a single configuration outweighs the the burden of connecting over HTTPS. Thoughts? Thanks, Mike On Sun, Jan 15, 2017 at 2:31 PM Joerg Sonnenberger via llvm-dev < llvm-dev at lists.llvm.org> wrote:> On Sun, Jan 15, 2017 at 04:25:16PM -0500, James Knight wrote: > > On Jan 15, 2017, at 9:19 AM, Joerg Sonnenberger via llvm-dev < > llvm-dev at lists.llvm.org> wrote: > > > On Fri, Jan 13, 2017 at 04:07:48PM -0500, James Y Knight via llvm-dev > wrote: > > >> But beyond that: there's no downside. Why should *anyone* continue to > serve > > >> http traffic? It's just all around better and safer to require https, > for > > >> everything, always. > > > > > > I take you haven't tried to use WiFi at UK airports or coaches > recently? > > > There are a lot of other places with completely broken "transparent" > > > proxies and forcing HTTPS (especially in combination with HTST) makes > > > the network unusable. > > > > > > No, I haven't had the pleasure recently, so I'm not aware of what you're > talking about. > > You said there is no downside. I've demonstrated a situation people can > face right now where it can make a website unusable. Don't handwave away > the cost of forcing HTTPS, it adds overhead for all involved parties. > Don't get me wrong, I'm all for properly supporting HTTPS everywhere, > but it is not without downsides. > > Joerg > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20181218/0de34361/attachment.html>
Hans Wennborg via llvm-dev
2018-Dec-19 13:09 UTC
[llvm-dev] [SERVER UPDATE] Moving clang, clang-analyzer, libcxxabi, libcxx ... websites to new server
On Wed, Dec 19, 2018 at 7:25 AM Mike Edwards via llvm-dev <llvm-dev at lists.llvm.org> wrote:> > Hi, > I know this thread is quite old, however, I am about to start working on: https://bugs.llvm.org/show_bug.cgi?id=39309 and I couldn't quite tell if there was any real consensus reached in this thread? Are folks okay with me changing the Apache configs to force a redirect to HTTPS for all of the llvm.org landing pages? Honestly, just from an administration standpoint it would be much easier if I could make everything work the same way. I understand it will incur some overhead processing costs for some people and I'm sorry for any inconvenience. I feel, in this case, the simplicity of maintaining a single configuration outweighs the the burden of connecting over HTTPS. Thoughts?+1 Not sure what you mean by landing pages, but I think all http requests, to any resource under llvm.org or its subdomains, should redirect to https. Thanks, Hans> On Sun, Jan 15, 2017 at 2:31 PM Joerg Sonnenberger via llvm-dev <llvm-dev at lists.llvm.org> wrote: >> >> On Sun, Jan 15, 2017 at 04:25:16PM -0500, James Knight wrote: >> > On Jan 15, 2017, at 9:19 AM, Joerg Sonnenberger via llvm-dev <llvm-dev at lists.llvm.org> wrote: >> > > On Fri, Jan 13, 2017 at 04:07:48PM -0500, James Y Knight via llvm-dev wrote: >> > >> But beyond that: there's no downside. Why should *anyone* continue to serve >> > >> http traffic? It's just all around better and safer to require https, for >> > >> everything, always. >> > > >> > > I take you haven't tried to use WiFi at UK airports or coaches recently? >> > > There are a lot of other places with completely broken "transparent" >> > > proxies and forcing HTTPS (especially in combination with HTST) makes >> > > the network unusable. >> > >> > >> > No, I haven't had the pleasure recently, so I'm not aware of what you're talking about. >> >> You said there is no downside. I've demonstrated a situation people can >> face right now where it can make a website unusable. Don't handwave away >> the cost of forcing HTTPS, it adds overhead for all involved parties. >> Don't get me wrong, I'm all for properly supporting HTTPS everywhere, >> but it is not without downsides. >> >> Joerg >> _______________________________________________ >> LLVM Developers mailing list >> llvm-dev at lists.llvm.org >> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev > > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev