Debian User Forums

Hi guys,

We are leaving in an era where SSL/TLS is trying to be everywhere, maybe it's time for this forum to be SSL friendly.
Let's Encrypt provides free SSL certificates and certbot makes everything very simple to setup for Apache/Nginx.

What do you think guys?

Same idea has popped up here a few times during last decade. Conclusion has been it would not be worth, this is only user forum.

arzgi wrote:Same idea has popped up here a few times during last decade. Conclusion has been it would not be worth, this is only user forum.

But people are authenticating with credentials to this forum.

To spare you the search:
http://forums.debian.net/viewtopic.php?f=12&t=118960

If people are using the same password here that they use elsewhere then they only have themselves to blame when they get hacked.

And not everybody agrees that https should be universal: http://n-gate.com/software/2017/07/12/0/

SSL has gone the route of "higher education", once its universal it has lost any/all meaning and relevance, then they create a new "higher level". PhDdD anyone, that will allow you to flip burgers one day.

OK, then...

Head_on_a_Stick wrote:If people are using the same password here that they use elsewhere then they only have themselves to blame when they get hacked.

Fair enough, but just maybe sending the credentials of your user account in clear text, is a bad idea everywhere. On a public network, it is almost like sending a postcard with your e-mail address and password on it.

Hallvor wrote:sending the credentials of your user account in clear text, is a bad idea everywhere

+1

But as the owners of the server are in absentia there doesn't seem to be much we can do about that, apart from not logging in at all.

When sending the form to the https server you instead download the source to the script TalkToWendys.

Use the https everywhere extension on Firefox, Chrome/ium, Opera ... Apparently works on a few others. Haven't used it outside of playing around with the thing on FF. Don't know if it'd even work on this site and you've got mixed content http/https, not ideal but maybe something more than as is now. Something to recommend to people concerned about this perhaps.

PS, doesn't work on FF mobile no locky thing in address bar, maybe no webextension version yet? May work on others. Took a shot and FaiL!, arghhh.

Amazes me that not one of the posters, here or in the other thread(s), calling for https on this forum, has volunteered to do the work necessary and bear the cost of the change.