Subject: Re: [boost] [website] SSL certificate
From: Dave Abrahams (dave_at_[hidden])
Date: 2010-08-17 01:03:15
On Mon, Aug 16, 2010 at 10:24 AM, Steven Watanabe <watanabesj_at_[hidden]> wrote:
> Thomas Heller wrote:
>> Rene Rivera wrote:
>>> On 8/16/2010 11:39 AM, David Abrahams wrote:
>>>> I suppose, pretty soon, we may
>>>> not need to have any https stuff on our own domain anyway, but as long
>>>> as we do have to do that, it would be good to have a cert that doesn't
>>>> raise any alarms.
>>> Hm.. I guess this is a pertinent question.. Do we really need HTTPS
>>> stuff even now? I mean.. <http://svn.boost.org/svn currently> works. So
>>> it's just a matter of turning on <http://svn.boost.org/trac>.
>> The problem is sending usernames and password unencrypted. Which would be
>> the case when turning of SSL.
> I would assume that those with user accounts could still
> log in using HTTPS. Most of them should know about
> the certificate already. The people to worry about are the
> ones who are just browsing the wiki or submitting a bug
> report. HTTP should be fine for this.
Should be, but sometimes they connect via HTTPS anyway. This causes
hiccups. It's not a huge problem worth spending lots of resources on
solving but it might be worth spending enough to get the cert from
Bryce (which is probably less than this thread has already consumed).
-- Dave Abrahams BoostPro Computing http://www.boostpro.com
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk