Another step towards crowdfunding
Doug Barton
dougb at dougbarton.us
Wed Dec 18 18:58:58 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 12/18/2013 07:32 AM, Sam Tuke wrote:
| On 18/12/13 00:01, Micah Lee wrote:
|> The problem is you're wanting to make GnuPG go mainstream but then
you end
|> up with people seeing this: http://i.imgur.com/53nvUqm.png
|
| Yup. That should be avoided. However there are only a few pages that
| critically need to be https it seems to me. Anywhere that source files are
| provided clearly needs to be secure. Ideally the manual pages too. But the
| front page has no need in my opinion.
Well, completely aside from the fact that "encrypt everything you can"
is a good default policy, providing a consistent user experience is a
good reason to make https the only access method. At very least, making
sure that if a user enters the site via https that they stay on https
(protocol-agnostic links/URLs).
A better question would be why would you not want to serve all the pages
via https? Please don't say "higher CPU usage" because the difference is
negligible on any modern system.
Doug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
iQEcBAEBCAAGBQJSseJiAAoJEFzGhvEaGryET34H/1CP9ZXka+/6Jh4RRu+bWHQy
ye1aUJmqqsBG/hYlRi3Bz3UhmyLiQUtIE9CyiXx3cU88Cmb+u2MsoiLwasFxxRtU
FIik1zi4iudnkpZOzKKzlHSe1rb8qvOCB4RUYX/E9F990mU5dCL02bKhHMbqIhjb
+xkYGnje3bSv/kvEmPVb862tQD2k9fLswlAmdDtXClMbG6ZQyZv3olfZ87RpN2EC
VZGx4FVIyVjnAlGmTs2/U5U6oMdzZp5ScAu4z2S2FwnGc98ZNn1JAzGNh8BlKVix
lw/3Fhzovjhjbxvy/PxNN3prmgf2IOPvqkl3gvdt2xHkEg9KqBsaiL8/HBs7yz0=
=m2a9
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list