Discussion:
[savannah-help-public] [sr #109454] Private bugs fail on HTTP e-mail link, not redirected to HTTPS
Jay Satiro
2018-01-25 18:49:37 UTC
Permalink
URL:
<http://savannah.gnu.org/support/?109454>

Summary: Private bugs fail on HTTP e-mail link, not
redirected to HTTPS
Project: Savannah Administration
Submitted by: raysatiro
Submitted on: Thu 25 Jan 2018 06:49:36 PM UTC
Category: Savannah website
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Assigned to: None
Originator Email: ***@yahoo.com
Operating System: None
Open/Closed: Open
Discussion Lock: Any

_______________________________________________________

Details:

I submitted a private bug to the wget team and I am receiving e-mail updates.
The e-mail update includes an HTTP link to the bug, but it does not redirect
to HTTPS. Instead it says 'This item is private.'

No: http://savannah.gnu.org/bugs/?52760
Yes: https://savannah.gnu.org/bugs/?52760

Also this form to file a bug against the website was hard to find, I suggest
putting at the bottom of the page "Report a bug in this website" or something



_______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Thu 25 Jan 2018 06:49:36 PM UTC Name: Capture.PNG Size: 3KiB By:
raysatiro

<http://savannah.gnu.org/support/download.php?file_id=43075>

_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/support/?109454>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
Bob Proulx
2018-01-25 21:32:59 UTC
Permalink
Follow-up Comment #1, sr #109454 (project administration):

There is an open TODO item to switch the email links from http to https. It
will get done eventually.

That you submitted a bug to a project that has marked it as a private item is
unrelated to whether the link is http or https. Either will say the item is a
private item. Both say that for me for that link for example. Since that
project has made their tickets private.

However if you are logged into the site and have permission to view the ticket
then your cookie is a secure cookie and will only be sent to https which will
give you permission but not to http and therefore you won't be logged in on
http and won't have permission. It is somewhat of a subtle thing but not the
primary issue but just a cascade behind it.

Personally I much prefer email to savannah-hackers-public AT gnu.org or
savannah-hackers-private AT gnu.org for security issues or other discussion.
I find email much easier to deal with. It's a personal preference.

_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/support/?109454>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
Ineiev
2018-09-06 08:09:03 UTC
Permalink
Update of sr #109454 (project administration):

Status: None => Done
Assigned to: None => ineiev
Open/Closed: Open => Closed

_______________________________________________________

Follow-up Comment #2:

Done.

_______________________________________________________

Reply to this item at:

<https://savannah.gnu.org/support/?109454>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

Loading...