rust-lang / rustup

The Rust toolchain installer
https://rust-lang.github.io/rustup/
Apache License 2.0

Preload HSTS for rustup.rs #1987

Open pietroalbini opened 5 years ago

pietroalbini commented 5 years ago

HSTS is not enabled for first-time visitors: https://hstspreload.org/?domain=rustup.rs

Originally posted by @Darkspirit in https://github.com/rust-lang/rustup.rs/issues/180#issuecomment-529508786

kinnison commented 5 years ago

What more do we need to solve this? Is it worth it if we're considering migrating the website to rust-lang.org?

kinnison commented 3 years ago

@pietroalbini how're we feeling about rustup.rs vs install.rust-lang.org or get.rust-lang.org or similar?

rbtcollins commented 3 years ago

Is there some reason to change?

kinnison commented 3 years ago

The .rs suffix has (or had) problematic management IIRC.

rbtcollins commented 3 years ago

We can do that separately to HSTS pinning and/or certificate inclusion though...

aidanhs commented 3 years ago

We (the infra team) discussed this but realistically don't think this is going to hit the top of our priority list within the next 6 months.

(which also lets us punt on decisions around domains)