< bblack> mutante: is there a task already about planet.wm.o mixed-content? we're securing the site itself, but basically all of the links inside it are plain-HTTP :/
< bblack> we could maybe paper it over by setting upgrade-insecure-requests for now, and then get the html fixed a little after
< bblack> since we seem to be transcluding content in from external blogs, and inlining the images they inline, I imagine we have no control in the general case
< bblack> but upgrade-insecure-requests can paper over a lot of that
< mutante> yes, it gets all the feeds and then creates a new feed by merging them
< mutante> ok, looking to fix the easy ones
< mutante> it's using the feed URL it fetches from to link to the source in the sidebar. i'm gonna check which of them i can just convert to https in our conf where we get the content from them
< mutante> reads https://www.w3.org/TR/upgrade-insecure-requests/ and it fits perfectly "real headache for administrators tasked with moving substantial amounts of legacy content onto HTTPS. In particular, going through old content and rewriting resource URLs manually is a huge undertaking" and so on
< bblack> the downside is if any embedded resources (e.g. inline images) are hosted somewhere that doesn't support HTTPS at all, they'll just fail
< bblack> or maybe that's an upside, depending on your POV :)
< mutante> in this case of planet fail would be ok, then we would remove them and ask them to fix it
< mutante> or if it's just an image that fails.. it would make it obvious