Re: [bug-womb] HTTP links in www.gnu.org/server/home-pkgblurbs.html

bug-womb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-womb] HTTP links in www.gnu.org/server/home-pkgblurbs.html

From:	Ineiev
Subject:	Re: [bug-womb] HTTP links in www.gnu.org/server/home-pkgblurbs.html
Date:	Tue, 20 Dec 2016 11:41:29 -0500
User-agent:	Mutt/1.5.21 (2010-09-15)

Hello, Brandon;

On Mon, Dec 19, 2016 at 09:53:36PM +0000, Brandon Invergo wrote:
> 
> > There are a few images with src provided as a HTTP URL,
> > e.g.
> > http://www.gnome.org/wp-content/themes/gnome-grass/images/gnome-logo.png
> > 
> > When the home page is loaded via HTTPS, this triggers
> > a warning (some data still come from an unencrypted
> > connection).
> > 
> > What about using protocol-neutral URLs for those sites
> > that do support HTTPS (like
> > //www.gnome.org/wp-content/themes/gnome-grass/images/gnome-logo.png)?
> > and when the original site is HTTP-only, we could copy the image,
> > for instance, to www.gnu.org/s/womb/, and use it
> > in home-pkgblurbs.html.
> 
> Sorry, I'm not fully clear about the proposed solution.  I'm able to
> load that gnome-logo.png file via https so in that case we can just
> change the protocol on that URL.

Yes (I actually mean removing that part so that the image would
load via HTTP when the page is requested via HTTP, and HTTPS would be
used when the page is visited via HTTPS).

> Is there another example that
> definitely doesn't load quietly via HTTPS?

I think, yes.

wget https://gretl.sourceforge.net/images/gretl-image.png
--2016-12-20 16:34:15--  https://gretl.sourceforge.net/images/gretl-image.png
Resolving gretl.sourceforge.net (gretl.sourceforge.net)... 216.34.181.96
Connecting to gretl.sourceforge.net 
(gretl.sourceforge.net)|216.34.181.96|:443... failed: Connection refused.

wget https://www.antcom.de/gtick/logo.www.jpg
--2016-12-20 16:35:21--  https://www.antcom.de/gtick/logo.www.jpg
Resolving www.antcom.de (www.antcom.de)... 46.38.233.243, 
2a03:4000:1::bc28:b2d8:1
Connecting to www.antcom.de (www.antcom.de)|46.38.233.243|:443... failed: 
Connection refused.
Connecting to www.antcom.de (www.antcom.de)|2a03:4000:1::bc28:b2d8:1|:443... 
failed: Network is unreachable.

> If I understand your solution correctly, I think I'd just do it
> manually, although we risk the local copy of the logo going out of date
> (probably not very common).

One could imagine setting up a cron job to check this; anyway, perhaps
outdated logo is not as acute issue as compromised HTTPS connection,
even though www.gnu.org has no accounts.

> Sorry for the late response, and actually I'll be away on holiday so it
> will be a couple weeks before I can make any changes.

And I'm likely to have a much longer holiday.

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-womb] HTTP links in www.gnu.org/server/home-pkgblurbs.html, Ineiev, 2016/12/08
- Re: [bug-womb] HTTP links in www.gnu.org/server/home-pkgblurbs.html, Brandon Invergo, 2016/12/19
  - Re: [bug-womb] HTTP links in www.gnu.org/server/home-pkgblurbs.html, Ineiev <=

Prev by Date: Re: [bug-womb] HTTP links in www.gnu.org/server/home-pkgblurbs.html
Previous by thread: Re: [bug-womb] HTTP links in www.gnu.org/server/home-pkgblurbs.html
Next by thread: [bug-womb] GNU Guix logo update
Index(es):
- Date
- Thread