Boost logo

Boost :

Subject: Re: [boost] [website] SSL certificate
From: David Abrahams (dave_at_[hidden])
Date: 2010-08-16 14:01:11


At Mon, 16 Aug 2010 12:14:04 -0500,
Rene Rivera wrote:
>
> On 8/16/2010 11:53 AM, Thomas Heller wrote:
> > Rene Rivera wrote:
> >
> >> On 8/16/2010 11:39 AM, David Abrahams wrote:
> >>> I suppose, pretty soon, we may
> >>> not need to have any https stuff on our own domain anyway, but as long
> >>> as we do have to do that, it would be good to have a cert that doesn't
> >>> raise any alarms.
> >>
> >> Hm.. I guess this is a pertinent question.. Do we really need HTTPS
> >> stuff even now? I mean..<http://svn.boost.org/svn currently> works. So
> >> it's just a matter of turning on<http://svn.boost.org/trac>.
> >
> > The problem is sending usernames and password unencrypted. Which would be
> > the case when turning of SSL.
>
> Even for HTTP svn doesn't send passwords in the clear, IIRC. And I'm
> fairly sure neither does Trac.

News to me. Again, this is (at least) a matter of perception: people
don't know that.

-- 
Dave Abrahams
BoostPro Computing
http://www.boostpro.com

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk