Devuan bug report logs - #143
bugs.devuan.org sends queries for bug numbers etc. unencrypted

Package: reportbug; Reported by: Jens Korte <korte@mailbox.org>; Keywords: jessie ascii; dated Thu, 14 Sep 2017 20:18:01 UTC; Maintainer for reportbug is KatolaZ <katolaz@freaknet.org>.


Tags added: jessie Request was from KatolaZ <katolaz@freaknet.org> to control@bugs.devuan.org. Full text available.


Tags added: ascii Request was from KatolaZ <katolaz@freaknet.org> to control@bugs.devuan.org. Full text available.


Message received at submit@bugs.devuan.org:


Received: (at submit) by bugs.devuan.org; 14 Sep 2017 20:10:03 +0000
Date: Thu, 14 Sep 2017 22:02:48 +0200
From: Jens Korte <korte@mailbox.org>
To: submit@bugs.devuan.org
Subject: bugs.devuan.org sends queries for bug numbers etc. unencrypted

package: reportbug
version: 0.42

This is not a bug in reportbug, I just know no better place to report
it.

If I enter a bug number e.g. 140 to https://bugs.devuan.org/ firefox
reports me, that the content is sent unecrypted, though I used https.
In the source of the page there is <form method="get"
action="http://bugs.devuan.org//cgi/bugreport.cgi">.

AFAIK the http://bugs.devuan.org/ should be remove
and /cgi/bugreport.cgi is enough. If you really want to, you can
enforce the usage of https by replacing http with https. There is
another line, where a get request with http is used.


Acknowledgement sent to Jens Korte <korte@mailbox.org>:
New bug report received and forwarded. Copy sent to KatolaZ <katolaz@freaknet.org>. Full text available.


Report forwarded to devuan-bugs@lists.dyne.org, KatolaZ <katolaz@freaknet.org>:
bug#143; Package reportbug. Full text available.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Tue, 22 May 2018 16:39:02 UTC