Re: cvsweb.NetBSD.org got updated

[Ryo ONODERA <ryo%tetera.org@localhost>]

On October 24, 2024 6:11:58 AM GMT+09:00, "Constantine A. Murenin" <mureninc%gmail.com@localhost> wrote:
>On Wed, 23 Oct 2024 at 14:59, Reinoud Zandijk
><reinoud%gorilla.13thmonkey.org@localhost> wrote:
>> Hi,
>>
>> On Tue, Oct 22, 2024 at 05:23:14PM +0900, Rin Okuyama wrote:
>> > We have recently updated cvsweb.NetBSD.org:
>> >
>> > - Preexisting URIs (found on commit logs etc.) should work as before.
>> >   If this is not the case, please notify us.
>> >
>> > - Support to HTTPS has been added.
>> >
>> > Previously, c.n.o was running on a very old version of cvsweb, which
>> > has a vulnerability. The server is maintained by Japan NetBSD Users'
>> > Group. This time, ryoon@ has kindly set up the new server context and
>> > obtained the certificate. Let me thank him again for his efforts to
>> > keep providing the useful service!!
>>
>> Thanks for the update. Only thing I notice is that it isn't automatically
>> redirecting to https:// when http:// is requested. Maybe that is configurable?
>>
>> With regards,
>> Reinoud
>
>It's not the best practice to do such redirects, because then it's not
>possible to access the webpages over regular HTTP from the older
>devices that don't have the latest TLS or cacert.pem, or if there are
>any other issues.
>
>C.

Hi,

No redirect from http to https is intentional.
I need http access from older machines (slow and/or no newer root CA certificates)
and it is an emergency exit when I have a problem with the TLS certificate renewal.

Thank you.
-- 
Ryo ONODERA // ryo%tetera.org@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3