Page 1 of 1

Setup https on forums.debian.net

PostPosted: 2020-01-24 15:19
by goldyfruit
Hi guys,

We are leaving in an era where SSL/TLS is trying to be everywhere, maybe it's time for this forum to be SSL friendly.
Let's Encrypt provides free SSL certificates and certbot makes everything very simple to setup for Apache/Nginx.

What do you think guys?

Re: Setup https on forums.debian.net

PostPosted: 2020-01-24 15:52
by arzgi
Same idea has popped up here a few times during last decade. Conclusion has been it would not be worth, this is only user forum.

Re: Setup https on forums.debian.net

PostPosted: 2020-01-24 15:54
by goldyfruit
arzgi wrote:Same idea has popped up here a few times during last decade. Conclusion has been it would not be worth, this is only user forum.

But people are authenticating with credentials to this forum.

Re: Setup https on forums.debian.net

PostPosted: 2020-01-26 07:58
by Chrisdb

Re: Setup https on forums.debian.net

PostPosted: 2020-01-26 11:47
by Head_on_a_Stick
If people are using the same password here that they use elsewhere then they only have themselves to blame when they get hacked.

And not everybody agrees that https should be universal: http://n-gate.com/software/2017/07/12/0/

Re: Setup https on forums.debian.net

PostPosted: 2020-01-26 17:22
by HuangLao
SSL has gone the route of "higher education", once its universal it has lost any/all meaning and relevance, then they create a new "higher level". PhDdD anyone, that will allow you to flip burgers one day.

Re: Setup https on forums.debian.net

PostPosted: 2020-01-27 18:37
by goldyfruit
OK, then...

Re: Setup https on forums.debian.net

PostPosted: 2020-01-27 20:39
by Hallvor
Head_on_a_Stick wrote:If people are using the same password here that they use elsewhere then they only have themselves to blame when they get hacked.


Fair enough, but just maybe sending the credentials of your user account in clear text, is a bad idea everywhere. On a public network, it is almost like sending a postcard with your e-mail address and password on it.

Re: Setup https on forums.debian.net

PostPosted: 2020-01-28 18:12
by Head_on_a_Stick
Hallvor wrote:sending the credentials of your user account in clear text, is a bad idea everywhere

+1

But as the owners of the server are in absentia there doesn't seem to be much we can do about that, apart from not logging in at all.

Re: Setup https on forums.debian.net

PostPosted: 2020-03-11 08:22
by Thoma11s
When sending the form to the https server you instead download the source to the script TalkToWendys.

Re: Setup https on forums.debian.net

PostPosted: 2020-03-11 08:56
by Deb-fan
Use the https everywhere extension on Firefox, Chrome/ium, Opera ... Apparently works on a few others. Haven't used it outside of playing around with the thing on FF. Don't know if it'd even work on this site and you've got mixed content http/https, not ideal but maybe something more than as is now. Something to recommend to people concerned about this perhaps. :)

PS, doesn't work on FF mobile no locky thing in address bar, maybe no webextension version yet? May work on others. Took a shot and FaiL!, arghhh.

Re: Setup https on forums.debian.net

PostPosted: 2020-03-11 09:54
by NFT5
Amazes me that not one of the posters, here or in the other thread(s), calling for https on this forum, has volunteered to do the work necessary and bear the cost of the change.