[HTTPS-Everywhere] Git repositories available

Seth David Schoen schoen at eff.org
Thu Oct 7 15:24:34 PDT 2010 

Eitan Adler writes:

> >> Most likely the only remote you'll need to pay attention to is schoen.
> >> We plan on compiling all rules sent to this mailinglist to that remote
> >> under the branch name "every-last-rule". Slightly more tested
> >> rules should appear under the branch name "tested-rules".
> 
> %git pull  git://git.torproject.org/schoen/https-everywhere.git
> fatal: Couldn't find remote ref HEAD
> %
> 
> Are the repos not up yet or am I missing something?

That's me, and my repo is not up yet but it should be there later
this afternoon (Pacific time).  I'm working through a backlog of
contrib rules and doing syntax cleanups and merges of identical
or equivalent rules.

> I have a few rules which I'll be submitting soon hopefully.

Thanks!

> A few questions about the types of rules you want
> a) Do you want to restrict the rulesets to "popular" websites or do
> you accept rules for web pages that might have very few hits?

At least for every-last-rule it's going to be the latter.

> b) Do you accept rules that redirect where the silly
> anti-self-signed-cert warning appears? I would use them because they
> are safer than the alternative, but the warning might scare newer
> users.

Currently we are not planning to put rules in the official
release if we know that they would cause a certificate warning
in the default Firefox.

> c) Do you accept rules for websites that already implement STS or
> would that just add bloat?

We don't have a clear norm about this; I wrote a FAQ answer
pointing out that there is a security benefit right now for
HTTPS Everywhere forcing HTTPS even on sites where the site
already makes it mandatory.  I think our hope is that HTTPS
Everywhere will eventually be merged with an extension (or
run inside a browser) that supports regular STS, in which
case we won't need to have any rules for sites like PayPal.

(Maybe Firefox will want to have an "STS preload" mechanism
like Chrome does.)

-- 
Seth Schoen
Senior Staff Technologist                         schoen at eff.org
Electronic Frontier Foundation                    https://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107

More information about the HTTPS-everywhere mailing list