Re: [Lazarus] https website for Lazarus

Graeme Geldenhuys via Lazarus wrote: On 2017-03-13 21:50, Marc Weustink via Lazarus wrote: It is one of my plans to enable it for the lazarus sites. And now with Firefox 52, it gives you a "in your face" warning that you are logging into a unsecure website. Only only the crossed out padlock

Re: [Lazarus] https website for Lazarus

On 2017-03-13 21:50, Marc Weustink via Lazarus wrote: > It is one of my plans to enable it for the lazarus sites. And now with Firefox 52, it gives you a "in your face" warning that you are logging into a unsecure website. Only only the crossed out padlock in the URL, but also a popup warning

Re: [Lazarus] https website for Lazarus

On 2017-03-14 12:07, Anthony Walter via Lazarus wrote: > If you have a subject you want people to explore, you need to > represent it well. Apple does a lot of things wrong (these days), but they also do a lot of things right when it comes to design. Using good Typography (via CSS only) can look

Re: [Lazarus] https website for Lazarus

On 03/14/2017 08:07 AM, Anthony Walter via Lazarus wrote: > Graeme, > > By far most of the heavy stuff is images and I don't see that as a bad > thing. If you have a subject you want people to explore, you need to > represent it well. Of course a website could just be static text, but > if put

Re: [Lazarus] https website for Lazarus

Graeme, By far most of the heavy stuff is images and I don't see that as a bad thing. If you have a subject you want people to explore, you need to represent it well. Of course a website could just be static text, but if put some screen shots on the front page, maybe a gallery, rotating images

Re: [Lazarus] https website for Lazarus

On 2017-03-14 10:38, Anthony Walter via Lazarus wrote: > I just thought I'd share my experience with http://www.getlazarus.org > I added https to it a few months ago using let's encrypt. The experience > was pretty easy. Indeed, Let's Encrypt is really easy to use and implement. > The only

Re: [Lazarus] https website for Lazarus

As a test I used Letsencrypt for my own site. If successful then I planned to update Lazarus. My first automated certificate update went smooth, so Lazarus is next. One mayor issue with Letsencrypt is that all automated update processes re-generate the CSR. Since our hoster supports dnsseq

Re: [Lazarus] https website for Lazarus

I just thought I'd share my experience with http://www.getlazarus.org I added https to it a few months ago using let's encrypt. The experience was pretty easy. The only hiccup I had/still have is that I serve images/video using S3 with a subdomain CNAME to improve performance. I had to use a

Re: [Lazarus] https website for Lazarus

It is one of my plans to enable it for the lazarus sites. Mar On March 13, 2017 6:08:14 PM GMT+01:00, Tony Whyman via Lazarus wrote: >Has anyone thought about supporting https on the Lazarus (and Free >Pascal) websites? Firefox, for example, is getting

Re: [Lazarus] https website for Lazarus

in light of recent disclosures i would not be too optimistic about https at this point in time since if an endpoint is compromised https will offer no real meaningfull protection in some cases. however having said that at least there is some degree of protection against compromise of data.

[Lazarus] https website for Lazarus

Has anyone thought about supporting https on the Lazarus (and Free Pascal) websites? Firefox, for example, is getting increasingly sniffy about unprotected websites and for good reason. It would also be useful to protect the svn feeds, if only to reduce the risk of a man in the middle attack