[OSM-talk] HTTPS all the Things (Automated Edit)
Mateusz Konieczny
matkoniecz at tutanota.com
Wed Feb 27 13:07:10 UTC 2019
Feb 26, 2019, 2:45 PM by iknowjoseph at gmail.com:
> I can see in the comments of your diary entry that you were told about HSTS recently. I'm not trying to be offensive, but that shows you're not a HTTPS / web security expert. Do you really think you're the person to be making world wide automatic changes to the database?
>
Ekhmm? Why you think that running OSM bot requires being a HTTPS / web security expert?
Making designed search-replace scripts requires no knowledge from this fields.
> Again, are you checking https certificates? Do you know that the https site actually works?
>
Is it really useful? If http redirects to https then what is the difference here?
> Are you checking the redirect code? Do you differentiate between temporary and permanent redirects?
>
Good question. Only permanent ones should be followed.
> Are redirects even that bad? If I was to set up some careful redirects and have them ignored by a bot that thinks it knows better, I may be a little annoyed. What about geographic redirects? > http://example.com <http://example.com>> becomes > https://de.example.com <https://de.example.com>> , for example.
>
I asked about this - redirects changing anything more than changing "http" to "https" are supposed to be skipped.
> I can see that you want to promote https adoption, but I can't see that the OSM database is the place to do it.
>
I see it as "automatically fixing outdated data that can be fixed using an automated script".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk/attachments/20190227/280fe332/attachment.html>
More information about the talk
mailing list