From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY,URIBL_SBL_A autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 27684 invoked from network); 21 May 2021 16:01:40 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 21 May 2021 16:01:40 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20200801; t=1621612900; b=JLka4g7Y8744DGsJ+mRIxWjGLbNoBeaOKTwThaUCxfEPEL2Fit0SIBPZCd4fuhV8vAQRNUvnSD 57uJ1ivKN6QrTWJ9gXnJ88DGBa5OINyg/VUXE2DkU0oPDqfMnDsOpcWAyFEWJEE5gQAxyQ6IJ/ SpQjeLZVWYkZqklvKSWmzKsqGFxRzti6PXL77yCt5CRDjJU4TwZ4OAAo2zSsaolpUrIZIgKHdQ nNgWfHXxyk6HBXkgP55ae6x3nAxZBpZDiZHnu4VxXXeF88Si0jxmgsvilnAGxg6+w+BeOShGWk zJo9CTnxoEr09UFjFDfMDxRKHCKAFqTn5KRV/5VocCRKbw==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (sym2.noone.org) smtp.remote-ip=178.63.92.236; dmarc=none header.from=deuxchevaux.org; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20200801; t=1621612900; bh=ZeuxexREu1BWygOrqU1yOnzqDb9YGdiGF3CpH01ROtQ=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:In-Reply-To:Content-Transfer-Encoding:Content-Type: MIME-Version:References:Message-ID:Subject:To:From:Date:DKIM-Signature; b=MPsctbJLZk4MoreHmrZY4XLS1ox/1b0KzIwzTJhiYl1QLsaRZjGLpiay1FhcfP6rEL0ay13oIF cf1mjpS0ta7jIjlFb53QBmZqnsFb88+E4i426BX0OpljoMio2Q0MKHBQeqeJz/avVPqjJ1GTkB RsDz1oI8GrDYgM6sLN5TNXNDl8t93GXlYme/G9yvAc3sYHCFdnzvE6IOGfh/J6TwpnnupzXV55 LJc5Rm8QFYm+WfIHqIYzrVrpL8Xt3NqSFV7+i06eeGj3rs765Ur2wgqCisi+csgwB6y8K/XBsF t9pGsq5YJCAl1prW3JlfTFwEig/5e6U9IfRVxOdrQ2GXJw==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20200801; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:In-Reply-To:Content-Transfer-Encoding :Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=r23my1Fq2HDz2OvKrD/zpCBtOHYSh0rntL/Hs77LjLI=; b=Az07wlZxPLroWr8z7xgs3Yj/gL xk4xi8E4sBwLrWPogYlXZPqsDo7n57tXDuwLP+bgaKyTBsxE4+TpPqYjsgmmyprhPBIoyahKL9dDC nQgwDbjKYynRZBXtGvgmXzXq3bjsqpGkcTKFl/IcpicboWWeXnK1z/TqAXJew7RRWYW1EDkiUeUkP CcxKYkPiFLuJ9M3PlE3k7zWdieHzHyKGVu6/LamRSBhGFoyrkub3YAifg5HB7xrjlcoqaJANv+Ss8 1ZD3VSCBrVVBpQmQpy+PqZ0N3RLTaZYi5RTyv8o/Ea2cnP3mE1mMj3JJ2x/ZEaOrnfsrDsvxqOsPO asimS/wg==; Received: from authenticated user by zero.zsh.org with local id 1lk7am-000Fba-IF; Fri, 21 May 2021 16:01:40 +0000 Authentication-Results: zsh.org; iprev=pass (sym2.noone.org) smtp.remote-ip=178.63.92.236; dmarc=none header.from=deuxchevaux.org; arc=none Received: from sym2.noone.org ([178.63.92.236]:34290) by zero.zsh.org with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1lk7Sm-000F4l-7U; Fri, 21 May 2021 15:53:24 +0000 Received: by sym2.noone.org (Postfix, from userid 1000) id 4Fmrjv5NDzzvjhL; Fri, 21 May 2021 17:53:23 +0200 (CEST) Date: Fri, 21 May 2021 17:53:23 +0200 From: Axel Beckert To: zsh-workers@zsh.org Subject: Re: Sourceforge -> https Message-ID: <20210521155322.qa3uv3o7fwlxhlcc@sym.noone.org> Mail-Followup-To: zsh-workers@zsh.org References: <1403418415.301394.1621610617915@mail2.virginmedia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Operating-System: Linux 4.9.0-13-amd64 X-Machine: sym2 x86_64 X-Editor: GNU Emacs 25.1.1 Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAAAAAC3mUtaAAAABGdBTUEAALGPC/xhBQAAADh0RVh0U29mdHdhcmUAWFYgVmVyc2lvbiAzLjEwYSAgUmV2OiAxMi8yOS85NCAoUE5HIHBhdGNoIDEuMindFS5JAAACGElEQVQ4jXXQMU8UYRDG8f8shNjdDH4AbpfGDjAWlKiJiZ0ajL1aGCvsNCbGaCGG1koLaztaTYz6ATy+gOyehYmF3MxVxgg3FnDsHcTpJr/M+8w7Rf6nCsaVTTDqxbg9hoOXmw83H71+Eyfg4E1d7/Z2fG9rGkZbTQiu+K+3U/C+76lmkvAhJuDndnoAiftou4V84okAGclop4U/jYACZDTxrYWP0gkxVfAm/W//GLZpxIzwIN0Hn8dw0B+IWkZmQmRsj2HfhwokEklHfNCCiQCRgAR7YyhQVRVTCKCzP4Y5zBBE0t0zY3Q8oQaBqqAMlVEcgVQd9706zGirAFium8HXumlMIeMwqQCInju+2+uB6MRENupdpMt8pRlHZyuAW0F+Mb6XSIVqtxjD+iVmVqqystLEzFTGT92YqRaXpNT5eTVjeJhbALPnrTxLUZUKZsgxcNm64hAOYisT/xhF+oKTGU5RegtC3Rt6eEDi/QnIevdTx9Md2EMmYBRmCQR1026FCGQQJJExsRUqgkMGaWSbwYLnoO4T6VgpbQbdELPMBAHWWrhYrcxXnYgAsatPWygkFCBD4K62MAsOTqA6szYRPpsu6e6Y8mPiVrBMNuGIMrgwBUu4p2DgG1Ownu6hpuTv7hScefHAzAC/yRRw5U5pALMbJ4AUALvHSZhxgHPXTsHcdWD1GadAHr9avP+c0wCr7263Df8ASLwXWHWs+KIAAAAHdElNRQfYBQEBODPr Organization: DeuxChevaux.org -- The =?iso-8859-1?Q?Citr?= =?iso-8859-1?B?b+tu?= 2CV Database User-Agent: NeoMutt/20170113 (1.7.2) X-Validation-by: danielsh@zsh.org X-Seq: 48895 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: List-Subscribe: List-Unsubscribe: List-Post: List-Owner: List-Archive: Hi, On Fri, May 21, 2021 at 05:40:19PM +0200, Mikael Magnusson wrote: > > Your website is currently hosted at http://zsh.sourceforge.net with PHP 5.4 > > > > To update to https://zsh.sourceforge.io and PHP 7.x, click the button > > below. +1 for moving away from PHP 5.4 (long time EoL already). Do we use PHP at all? HTTPS is fine, too. :-) > The tld being different seems a bit more concerning Well, if I were SF, I would be concerned if I wouldn't do it. Reason for the different TLD is that otherwise every project page could extract valid https://sourceforge.net/ authentication cookies and afterwards impersonate that user. This is one of the reasons why using just the domain itself as website should not be done unless all subdomains are trusted. (Which obviously isn't the case for a hosting business.) Same reason why GitHub pages are hosted under github.io and not github.com. Actually, it is already a concern for old project sites, but since most HTTPS cookies are not sent over plain HTTP, too, it's ok-ish. The cleaner solution for SF would be to use "www.sourceforge.net" and restrict cookies to this hostname instead of the whole domain. (You don't seem to be able to restrict cookies to a domain, but then exclude its subdomains.) But since websites without "www." are totally in fashion these days... (I should shut up here as I have at least one domain I use that way, too. But without using any authentication cookies. :-) > but presumably the old urls will continue to redirect? I think so, yes. At least it works for other projects like e.g. http://octave.sourceforge.net/ → https://octave.sourceforge.io/ HTH Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: abe@deuxchevaux.org \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: abe@noone.org X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/