Yes, I can imagine there's been a few posts about this. I just replied to this one, since it was fairly rescent. No, there's no reason to repeat, but since you took the time to write a good reply, I'll response to some of it.
cuckooflew wrote:
I will say this much, I agree, there is no real reason to use it on this forum/site, all though many persons in the endless discussion on this, have pointed the many reasons they imagine we need it.
I will add, I don't use it my self on any of my webistes and forums that I administer....no need to spam the forum with a list though, // ... //
Years ago, I did honestly have a problem with my system clock, and setting it,...I needed help with that, every other forum I tried to connect to was https, and I was not able to connect.
Yes, that can be tough… There are simular cases with Rasbery Pi's (no hwclock), but it usually helps to use
ntpd or
crony to get the clock running as it should.
If your clock was an hour or a day off or so… and it was because of an expired certificate - then you had really bad luck. But, if you had serveral site that didn't let you in… Perhaps their HTTPS settings were too “modern” for your browser? That's always a delicate balance – how far back you shuold support old browsers.
(Example: ssl-config.mozilla.org. Look at the different browser support between old, intermediate and modern.) I usually go with intermediate if it's a larger site or someone else site, and modern on my own sites.
cuckooflew wrote:Is https really such a good thing , for a OS support forum, where many of the users are trying to connect with a perhaps crippled system ?
If it's not good here, then it's not good on the
Wiki either. That'd be one of the first places I look for answers if my system is crippled.
cuckooflew wrote:Supposedly there is optional choice, where one can select to use http instead, and I suppose as long as the http option is available , then it would not matter, // ... //
Unless you (force) redirect all traffic to 443, on the server level, there's always the option for the visitor to use http instead. For a place like this (OS support forum), that would maybe be considered, for those reasons you mentioned earlier. So, even if you add HTTPS to a site and make that default - you can always have HTTP available. It's just how you configure it. Then no one will get hurt.
cuckooflew wrote:It won't do any good, no one will ever convince those that do not want https that we should use it. and like wise no one that wants http will ever convince the people that promote https that http is ok. In other words, the ones that like and want https, will always argue that it is necessary, the ones that don't want it will all ways argue that it isn't. So it is a deadhorse, a old and pointless , endless discussion.
I think we all can agree on that HTTPS is a better choice, but the “why's” and reasons to use it may differ. For example, I don't see
any reason not to - where you have a few ones.
One good reason though… Since browsers are punishing non-HTTPS sites now in different ways (blocking, lower page rank, display page as unsecure, etc.). I think it's soon hard to avoid it.
Old and pointless…
naah. :–)
Endless… Well, that is actullay “fixable”:
cuckooflew wrote:it is clear for some reason, the administrator of the forum has choosen not to use https, but they have never posted a response explaining their reasons. There is no reason to expect they will either.
It would be great if they decided to speak up, and explain their reasons why, or when …or why not. Until then it will always seem a bit odd to me, since they have it on all the other pages. But, since they are the ones to decide… If they'd speak up, then there's no reason speculate anymore. And the endless becomes end… :–)
/2¢