On 08/31/2017 09:10 PM, Ask Bjørn Hansen wrote:
Hi everyone,
We’re considering how/how-much we can make www.cpan.org TLS-only.
http://log.perl.org/2017/08/tls-only-for-wwwcpanorg.html
I expect that we can’t make the whole site TLS-only without breaking some CPAN
clients, so the conservative version is to force TLS for
- any url ending in *.html
- any url not in matching some variation of
(/authors/ | /MIRRORED.BY | ^/modules/[^/]+ )
Does that sound about right? Maybe /src/, too?
(Also - we will support TLS for www.cpan.org permanently now, so please update
URLs where possible and appropriate).
To be honest, I had no idea what 'TLS' meant when I first read this
message. So I can't say anything one way or the other about your proposal.
I suspect I'm not alone in this. I would encourage you to post in a
location like blogs.perl.org as to what 'TLS' is, so that the census
count of the ignorant can be reduced.
Thank you very much.
Jim Keenan
