Re: misc/56220: http://man.netbsd.org should redirect to https://man.netbsd.org

[Robert Elz <kre%munnari.OZ.AU@localhost>]

The following reply was made to PR misc/56220; it has been noted by GNATS.

From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: Jan Schaumann <jschauma%netmeister.org@localhost>
Subject: Re: misc/56220: http://man.netbsd.org should redirect to https://man.netbsd.org
Date: Tue, 01 Jun 2021 16:30:43 +0700

     Date:        Mon, 31 May 2021 22:50:02 +0000 (UTC)
     From:        Jan Schaumann <jschauma%netmeister.org@localhost>
     Message-ID:  <20210531225002.1BD921A92C9%mollari.NetBSD.org@localhost>
 
   |  If we set HSTS and we have "preload" for that, then I
   |  don't understand what reasons might be there to not
   |  redirect http to https.
 
 I don't want to use https for accesses like those.  If I did
 I would start out with an https:// URL rather than an http://
 one.
 
 I don't see the point of all the additional CPU and network
 traffic consumed to access public information - I don't care
 who knows I am reading NetBSD man pages, if someone is monitoring
 traffic.   I don't even really care if someone intercepts my
 traffic and directs me to a site that has fake pages, they won't
 do me any particular harm (I won't be allowing them to execute
 javascript or similar).   If I become suspicious I can always
 just try again using https:// instead - but I don't want the
 web site (not NetBSD's, not any) forcing that decision upon me.
 
   |  Do we believe there is a
   |  non-negligible number of users who access the site
   |  using a mechanism that can't speak https?
 
 In my case at least, it isn't so much can't as don't want to.
 When there's a valid reason for https (aside from the paranoia
 that some people exhibit) I use it.   When there isn't, I don't.
 
 kre