www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig McClanahan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-457) Change license URL to https:
Date Fri, 14 Jun 2019 23:39:01 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16864527#comment-16864527
] 

Craig McClanahan commented on LEGAL-457:
----------------------------------------

The for-real page for the 2.0 license has a minimal amount of JavaScript, mostly around presentation
issues.  If we posit a MTM attack (much more feasible with http than https), what's to stop
the attacker from adding arbitrary JS code that does nasty things?  This is the kind of reason
that SSL has become the default for many/most modern web sites.

> Change license URL to https:
> ----------------------------
>
>                 Key: LEGAL-457
>                 URL: https://issues.apache.org/jira/browse/LEGAL-457
>             Project: Legal Discuss
>          Issue Type: Task
>            Reporter: Henri Yandell
>            Priority: Major
>
> Post removing the footer from the license, the license URL should be changed from http://
to https://.
> We'll need to check that this does not cause issues with license checkers. Presumably
it will drop matches from 100% to 99%.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message