Subject: Re: [boost] [website] SSL certificate
From: Steven Watanabe (watanabesj_at_[hidden])
Date: 2010-08-16 14:24:58
Thomas Heller wrote:
> Rene Rivera wrote:
>> On 8/16/2010 11:39 AM, David Abrahams wrote:
>>> I suppose, pretty soon, we may
>>> not need to have any https stuff on our own domain anyway, but as long
>>> as we do have to do that, it would be good to have a cert that doesn't
>>> raise any alarms.
>> Hm.. I guess this is a pertinent question.. Do we really need HTTPS
>> stuff even now? I mean.. <http://svn.boost.org/svn currently> works. So
>> it's just a matter of turning on <http://svn.boost.org/trac>.
> The problem is sending usernames and password unencrypted. Which would be
> the case when turning of SSL.
I would assume that those with user accounts could still
log in using HTTPS. Most of them should know about
the certificate already. The people to worry about are the
ones who are just browsing the wiki or submitting a bug
report. HTTP should be fine for this.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk