You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by "Jeremy Saklad (Jira)" <ji...@apache.org> on 2022/08/18 19:23:00 UTC
[jira] [Commented] (LEGAL-457) Change license URL to https:
[ https://issues.apache.org/jira/browse/LEGAL-457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17581500#comment-17581500 ]
Jeremy Saklad commented on LEGAL-457:
-------------------------------------
If I change the HTTP URLs to use HTTPS in copies of the license I distribute with my work, am I still allowed to call it the Apache License?
By the way, I think it is worth noting that [http://www.apache.org/licenses/LICENSE-2.0.txt] seems to return an HTTP 301 response pointing to the HTTPS URL, and a 301 [officially|https://www.rfc-editor.org/rfc/rfc2616#section-10.3.2] indicates that the old URL should be replaced with the new one if possible.
I don't think the license itself actually _is_ accessible through unencrypted HTTP anymore. Continuing to use an HTTP URL is misleading at best. Make no mistake, though: even though an HTTP request immediately gets redirected to HTTPS, that initial redirect can still be manipulated by an attacker.
> Change license URL to https:
> ----------------------------
>
> Key: LEGAL-457
> URL: https://issues.apache.org/jira/browse/LEGAL-457
> Project: Legal Discuss
> Issue Type: Task
> Reporter: Henri Yandell
> Priority: Major
>
> Post removing the footer from the license, the license URL should be changed from http:// to https://.
> We'll need to check that this does not cause issues with license checkers. Presumably it will drop matches from 100% to 99%.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org