misconfigured redirections on https://lists.gnupg.org

Werner Koch wk at gnupg.org
Tue Aug 11 10:22:34 CEST 2015

On Tue, 11 Aug 2015 06:07, dkg at fifthhorseman.net said:

> X should get redirected to Y, but instead it gets redirected to a
> service on a non-active port entirely:
> http://lists.gnupg.org:8002/pipermail/gnupg-devel/2015-August/

I know that is an annoying bug. 

> This transitions from https to http, even, which means that the response
> could be forged by a network attacker, which would be strange (and in
> contradiction to the HSTS header provided).

Nope, port 8002 is only listening on localhost.  We round pound as
frontend with two instaces of boa as backend (listening at



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list