No HTTPS on by default

Richard Stanway r1ch+nginx at
Fri Aug 19 19:21:47 UTC 2016

I noticed that the PGP key used for signing the Debian release packages
recently expired. I went to download the new one and noticed that
wasn't using HTTPS by default. Manually entering a https URL works as
expected, although some pages have hard coded http links in them.

Is there a reason that the website isn't using HTTPS and STS / HPKP? It
would help mitigate potential MITM attacks especially on precompiled
binaries and PGP key downloads.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list