Hi Kenneth,
I fully agree with you. I'd add a JIRA so we can remember it, but I
won't classify this as a security problem. For me security issues have
special priority, I don't see that priority here.
Kind regards,
Antonio
On 25/09/18 19:16, Kenneth Jaeger wrote:
I understand since there is no login information being sent to
plugins.netbeans.org, that security is less of a concern, but this is a
front facing website. It is not just used by the IDE. Browsers are going
to start yelling at us when we go to any http site (as I personally think
they should be). Call me paranoid, but I think the trend toward 100% of
web traffic being TLS encrypted is a good one. Also if plugins.netbeans.org
upgrades to HTTP2, it MUST be TLS then.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
