Topics

Https links are not accepted in CII badging

Seshu m <seshu.kumar.m@...>
 

Hi

 

I finding issue while trying to update the https link in the CII badging for the following project

 

https://bestpractices.coreinfrastructure.org/en/projects/1702

 

Under the section,

The project sites (website, repository, and download URLs) MUST support HTTPS using TLS.

 

when we provide a https link (or keep it blank) , the website throws an error

 

// Given an http: URL.

               

 

This is effecting the score of the CII badging for ONAP SO project, request to help resolving the issue.

 


Best regards

Seshu Kumar M

Huawei Technologies India Pvt, Ltd.


本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁
止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中
的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!
This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

 

David A. Wheeler
 

Seshu m:

> I finding issue while trying to update the https link in the CII badging for the following project

> https://bestpractices.coreinfrastructure.org/en/projects/1702

> when we provide a https link (or keep it blank) , the website throws an error

 

That shouldn’t happen.  Thanks for letting us know!  I’ll check it out.

 

--- David A. Wheeler

 

David A. Wheeler
 

Seshu m:

 

The picture you sent me of:

  https://bestpractices.coreinfrastructure.org/en/projects/1702#sites_https

does show an “X” (unsatisfied criterion), but in the picture it appears that someone (at the time) expressly told the system that the criterion was “Unmet”.  That would be the correct result if the BadgeApp was told that this criterion was “Unmet”.  Our automated checkers will sometimes set something as “met” if they weren’t known before, but if a human expressly says they’re unmet, we normally presume the human is right.

 

It looks like someone has *CHANGED* the value of the sites_https criterion for project 1702 since you posted your question.  Here’s what I see.  Notice that it is now marked as “Met” and thus has a green checkmark (“satisfied”):

 

When I view the badging site, the only criterion left for ONAP is this one:

https://bestpractices.coreinfrastructure.org/en/projects/1702#vulnerabilities_fixed_60_days

 

In short, I think everything is working properly.  Please let me know if I’ve misunderstood something!

 

--- David A. Wheeler