Project

General

Profile

Task #2026

scan sites with observatory.mozilla.org

Added by Florian Effenberger about 2 years ago. Updated about 2 months ago.

Status:
New
Priority:
High
Category:
-
Target version:
Team - Q2/2018
Start date:
Due date:
% Done:

0%

Estimated time:

Description

We should scan our sites with observatory.mozilla.org and see which errors are fixable (e.g. lack of OCSP Stapling which worked before) and which ones are optional (e.g. forced HTTPS).


Related issues

Related to Infrastructure - Task #2115: Request certs from Let's Encrypt for each HTTPS vhostClosed

Related to Infrastructure - Task #2441: Start using the headers Content Security Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-ProtectionRejected

History

#1 Updated by Florian Effenberger about 2 years ago

  • URL set to https://observatory.mozilla.org/analyze.html?host=libreoffice.org

#2 Updated by Florian Effenberger almost 2 years ago

  • Assignee changed from Christian Lohmaier to Guilhem Moulin

re-assigning to Guilhem in order to clean up Redmine queues
nothing concrete to do at the moment

#3 Updated by Florian Effenberger almost 2 years ago

  • Related to Task #2115: Request certs from Let's Encrypt for each HTTPS vhost added

#4 Updated by Florian Effenberger almost 2 years ago

  • Target version changed from Qlater to Q4/2016

#5 Updated by Florian Effenberger almost 2 years ago

  • Target version changed from Q4/2016 to Q1/2017

#6 Updated by Florian Effenberger over 1 year ago

  • Target version changed from Q1/2017 to Q2/2017

Makes only sense after all the migrations have been done, shifting to Q2

#7 Updated by Florian Effenberger over 1 year ago

  • Target version changed from Q2/2017 to Pool

#8 Updated by Florian Effenberger over 1 year ago

  • Priority changed from Normal to High
  • Target version changed from Pool to Q3/2017

#9 Updated by Florian Effenberger about 1 year ago

With the HTTPS ticket (#2312) pending, the results won't be optimal - but if possible, I'd like to see a first scan by LibOCon, so we know if there is something else that needs to be fixed independently

#10 Updated by Florian Effenberger 12 months ago

Eike pointed me to https://webbkoll.dataskydd.net which is an additional service to check with

#11 Updated by Florian Effenberger 12 months ago

  • Target version changed from Q3/2017 to Q4/2017

#12 Updated by Florian Effenberger 9 months ago

  • Related to Task #2441: Start using the headers Content Security Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection added

#13 Updated by Florian Effenberger 7 months ago

  • Target version changed from Q4/2017 to Q1/2018

Can we run a first scan this quarter, Guilhem? For another tasks you're collecting all VHosts anyways, so doing a first run to get a first impression would be great. We then can decide when and how to act on the findings.

#14 Updated by Florian Effenberger 5 months ago

  • Target version changed from Q1/2018 to Q2/2018

I know you're quite swamped with other things, but let's aim for getting that done by end-Q2 :-)

#15 Updated by Florian Effenberger about 2 months ago

What prevents us from doing that? This has been pending since last LibOCon actually, and it shouldn't take too much time IMHO to do a first run
Is this sth. maybe another team member can help with?

Also available in: Atom PDF