Description
Randomly, while grep'ing for http in our sources to locate links to external papers that inspired important changes in Lucene, I noticed that our standard Apache Software License version 2.0 copyright header still uses the non-SSL (http://) link.
Should we update that to https://? Would that show that Lucene devs take security seriously or so ("lead by example")? If you load the non-SSL url it redirects anyways to the SSL version.
Apache's official guidelines on the copyright header text specifically state that https is acceptable, though the copy/paste text sample given there is non-SSL.
Curiously, a couple source files in Lucene do use the https:// URL in the copyright header! gradlew.bat and gradlew, cool.
Using GitHub's search, I count ~43.8K source files under the Apache org that use the SSL URL, and ~1.3M source files that do not! We could be early adopters and join the ~3.2% of Apache source code that does use the SSL link!
Description
Randomly, while grep'ing for
httpin our sources to locate links to external papers that inspired important changes in Lucene, I noticed that our standardApache Software License version 2.0copyright header still uses the non-SSL (http://) link.Should we update that to
https://? Would that show that Lucene devs take security seriously or so ("lead by example")? If you load the non-SSL url it redirects anyways to the SSL version.Apache's official guidelines on the copyright header text specifically state that
httpsis acceptable, though the copy/paste text sample given there is non-SSL.Curiously, a couple source files in Lucene do use the
https://URL in the copyright header!gradlew.batandgradlew, cool.Using GitHub's search, I count ~43.8K source files under the Apache org that use the SSL URL, and ~1.3M source files that do not! We could be early adopters and join the ~3.2% of Apache source code that does use the SSL link!