duckduckgo / smarter-encryption

Downgrade policy #8

Open J0WI opened 3 years ago

J0WI commented 3 years ago

Previous lists like preloaded HSTS or HTTPS Everywhere rulesets have some downgrade protection that prevents anyone from silently deleting a host from the list. E.g. if the encryption of a site is broken due to an expired certificate or something, you may want to give the admins some time to fix it rather than downgrading to an unencrypted connection. What policy do you have to remove a host from the Smarter Encryption list?

See e.g. https://github.com/EFForg/https-everywhere/blob/master/CONTRIBUTING.md#removal-of-rules

zachthompson commented 3 years ago

Sites that are in the list are periodically re-checked and have to pass the same criteria as when first added. SSL certs that are expiring/expired are checked separately.

J0WI commented 3 years ago

This seems like the policy is vulnerable to attacks like SSL Stripping.