On Wed, Feb 15, 2017 at 11:32:28AM +0100, Jean-Baptiste Holcroft wrote:
Le 2017-02-14 20:10, Kevin Fenzi a écrit :
There's no real security advantage here, other than making more traffic on the net encrypted, which I think is a good goal.
What do folks think? Doable? To harsh? Pointless?
Do you have any statistics of the number of blog that should migrate? Total blog number, total blog with partial https (is it easy to detect?), total blog with full https.
I've tried to estimated this, using http://fedoraplanet.org/heads.html:
– there are 716 blogs in total * 284 URLs start with https:// * 432 URLs start with http://
- if I do s/http/https/ and try to access the blogs (of 432 "http://" ones): - 225 over https returned content with roughly the same size as returned over http - 209 weren't accessible by https - 34 weren't accessible by http, either
I did not check if those 225 "forced https" contain any mixed content.
Summary: - we have 716 blogs on Planet - we can access (284+225=) 509 of them over https - by forcing https we would loose ~ 200 blogs