Pages on hackage.haskell.org are currently served over both HTTP and HTTPS. Package security on Hackage does not depend on HTTPS, so we keep HTTP endpoints for backwards compatibility with automated systems that depend on Hackage and do not support HTTPS.

However, this means that it's possible for users to inadvertently browse Hackage pages on HTTP which is not a great user experience. To address this issue without breaking existing scripts, we are planning to redirect requests to HTTPS based on User-Agent headers: requests with "Mozilla/5.0" in their User-Agent string will be redirected to HTTPS and other requests will remain unchanged.

Please contact us at committee@haskell.org if this change will cause problems with how you use Hackage. Otherwise, the new behavior will go into effect on 2020-11-23.

Thanks!

-Tikhon Jelvis, on behalf of the Haskell.org Committee