Il 14/feb/2017 08:52 PM, "Kevin Fenzi" <[email protected]> ha scritto:
Greetings. In the past we haven't bothered to make fedoraplanet.org https because some/many of the blogs that are aggregated there are http. However, now with the advent of letsencrypt, I wonder if we shouldn't revisit that. I noticed this again due to a recent gnome planet post: http://nibblestew.blogspot.com/2017/02/enabling-https-is-easy.html Proposal: * We get a https cert for fedoraplanet.org and enable it. (of course right now it will show lots of insecure content which will be anoying support wise as people ask us about it, but no more so than 'why isn't it https enabled'). * We send out an announcement asking everyone who has a blog aggregated on fedoraplanet to https enable their blogs. * We have some deadline (like 6 months? a year? less?) and after that point we drop all the http blogs and only allow https. There's no real security advantage here, other than making more traffic on the net encrypted, which I think is a good goal. What do folks think? Doable? To harsh? Pointless? kevin _______________________________________________ infrastructure mailing list -- [email protected] To unsubscribe send an email to [email protected] I think it is not only doable easily, but also an advantage for the blog owners we collect on fedoraplanet. Maybe a deadline is the right way here, probably 6 month is not enough, but what about the end of the year? This could also be useful to clean up abandoned blogs from people who are not posting anything anymore. Just my thoughts on this topic. Robert
_______________________________________________ infrastructure mailing list -- [email protected] To unsubscribe send an email to [email protected]
