

Hi,

On Sun, 09 Feb 2020 at 17:05:11 +0100, Florian Effenberger wrote:
> - Chrome seems to disable insecure (i.e. FTP and HTTP) downloads from secure
> websites (HTTPS) like ours in the future.

AFAICT only http:// mirror baseURLs are impacted, because the download
page doesn't redirect to ftp:// nor rsync:// links.

In the past 2 years or so I've regularly run a script to upgrade
baseURLs (typical case is when the operator of an old mirror silently
adds TLS support).  Right now 72/113 (63.71%) have an https:// base URL.
Grouping by region,

 region | insecure | total | ratio 
--------+----------+-------+-------
 af     |        2 |     4 | 50.00
 na     |        6 |    13 | 46.00
 eu     |       23 |    62 | 37.00
 oc     |        1 |     3 | 33.00
 as     |        5 |    17 | 29.00
 sa     |        4 |    14 | 28.00

and by country (only for ratio ≥50%)

 country | insecure | total | ratio  
---------+----------+-------+--------
 pl      |        1 |     1 | 100.00
 tr      |        1 |     1 | 100.00
 za      |        1 |     1 | 100.00
 nc      |        1 |     1 | 100.00
 ru      |        2 |     2 | 100.00
 kr      |        1 |     1 | 100.00
 at      |        1 |     1 | 100.00
 lk      |        1 |     1 | 100.00
 by      |        1 |     1 | 100.00
 bw      |        1 |     1 | 100.00
 ro      |        1 |     1 | 100.00
 ba      |        1 |     1 | 100.00
 bd      |        1 |     1 | 100.00
 pt      |        2 |     3 |  66.00
 hu      |        2 |     3 |  66.00
 cz      |        1 |     2 |  50.00
 br      |        4 |     8 |  50.00
 jp      |        1 |     2 |  50.00
 ca      |        1 |     2 |  50.00
 id      |        1 |     2 |  50.00
 us      |        5 |    10 |  50.00
 dk      |        1 |     2 |  50.00

It's not clear to me how disruptive the change will be in practice,
because we have redirects between the download page and the actual
mirror.  However https:// adoption is at a point where we could remove
http:// base URLs without notice without causing too much disruption on
the remaining mirrors nor users (except perhaps those in South Africa
and Russia).

Also, the target mirror is sent to Matomo like other download metrics.
In January I see 3 (resp. 12) HTTP mirrors with ≥2% (resp. ≥1%) of
redirects.  Among these only the Russian mirrors don't have an HTTPS
fallback nearby (but we have some in Eastern Europe and Asia).

-- 
Guilhem.
