On 01/13/2013 01:22 PM, Joerg Jaspert wrote: > - wiki.debconf.org is now only reachable by SSL. non-ssl gets > redirected. Though I would be happy enough to let non-ssl access it > too, if someone takes the time to tweak either the apache config or > mediawiki so that it requires SSL for logins (and maybe anonymous > edits?), ie. reading only for non-ssl. > Keep in mind, its squeeze, so mediawiki from there...
Thank you, Joerg! This is really valuable work.
fwiw, i don't think that browsing via cleartext http is a useful goal,
given the problems with session hijacking, sslstrip-style attacks, etc.
If the https connections are considered too onerous for some reason, i'd
be happy to try to help troubleshoot and improve the situation, if
that's desired.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Debconf-team mailing list [email protected] http://lists.debconf.org/mailman/listinfo/debconf-team
