As of today, gitorious.org has vastly improved SSL support. You are now free to surf gitorious.org through https only, should you wish to do so. Previously, our SSL support has been restricted to a few select actions, and there has been redirects from https to http.
With today’s deployment, gitorious.org will never redirect you away from https (if it does, report a bug to email@example.com). You will also be forced to use https as long as you’re logged in, and when posting forms (i.e. logging in).
For those of you who maintain your own Gitorious setups, this change is pretty straight forward. The new SSL feature is enabled by default, and can be controlled through the gitorious.yml setting
use_ssl. When this setting is set to
true, Gitorious will enforce SSL where appropriate. When it is false, Gitorious will actively ensure http.
We will follow up this change by adding HSTS shortly.
In other news, gitorious.org is also available on IPv6, thanks to our awesome hosting partner, Linpro. We’re still having some issues with the backend for git:// and http:// Git access, so for now they are IPv4 only. We are working to resolve this issue.