[HTTPS-Everywhere] Adding 'simple' attribute to target tag, and maintainer
Jacob Hoffman-Andrews
jsha at eff.org
Sun Feb 15 12:11:30 PST 2015
Hi all,
In the process of updating rulesets to conform with the new ruleset
coverage test requirements, and reviewing your fixes (thank you!), I've
noticed a large number of target hosts just need simple updates. For
instance:
> <ruleset name="VirtualBox">
>
> <target host="virtualbox.org" />
> <target host="forums.virtualbox.org" />
> <target host="www.virtualbox.org" />
> <target host="update.virtualbox.org" />
>
>
> <securecookie host="^\.www\.virtualbox\.org$" name=".+" />
> <securecookie host="^\.forums\.virtualbox\.org$" name=".+" />
>
>
> <!-- Certificate is not valid for "virtualbox.org" -->
> <rule from="^http://(?:www\.)?virtualbox\.org/"
> to="https://www.virtualbox.org/" />
>
> <rule from="^http:"
> to="https:" />
This ruleset rewrites 'virtualbox.org' to 'www.virtualbox.org'; For all
other target hosts it simply upgrades to HTTPS. However, one must read
all of the rules in the ruleset carefully to determine that.
I'd like to propose another update to the ruleset grammar, simple="true":
<target host="forums.virtualbox.org" simple="true" />
For URLs on that target host, HTTPS Everywhere would always upgrade to
HTTPS, not bothering to evaluate any further regexes.
If we go this route, I think I can update all the rules from the past
week or so automatically, so no need to pause in fixing rulesets.
The other change I'm considering is to add an optional 'maintainer'
field for rulesets. This would contain a list of names and email
addresses to be contacted when we have to disable a rule for failing
tests. It would still be fine to submit rulesets with no maintainer field.
What do you think?
Thanks,
Jacob
More information about the HTTPS-Everywhere
mailing list