following a report in twitter I found that we support only HTTP and not HTTPS access

to the lists.ovirt.org (www.ovirt.org supports https).

The question is if we wish to allow https which is becoming mandatory these days?

another related question, is if we wish to support HSTS which is the next step and Google starts enforcing it in its domain[2].

Thanks,

Doron

[1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

[2] http://www.zdnet.com/article/googles-hsts-rollout-forced-https-for-google-com-aims-to-help-block-attacks/