On Mon, Aug 22, 2016 at 6:49 PM, Maxim Konovalov <ma...@nginx.com> wrote:

> On 8/22/16 7:41 PM, B.R. wrote:
> > In 2016, stating that content served over HTTP is 'secure' blows my
> > mind and kills your credibility.
> >
> Who did that? What's his name?
>

Someone named 'Maxim Konovalov'. Sounds familiar? See below:

On Mon, Aug 22, 2016 at 5:44 PM, Maxim Konovalov <ma...@nginx.com> wrote:

> On 8/22/16 6:40 PM, Richard Stanway wrote:
> > 1. You could provide insecure.nginx.org <http://insecure.nginx.org>
> > mirror for such people, make nginx.org <http://nginx.org> secure by
> > default.
> >
> No, thanks. It is secure by default and HTTPS by default doesn't
> add any value.
>

---

On Mon, Aug 22, 2016 at 7:30 PM, Maxim Konovalov <ma...@nginx.com> wrote:

> On 8/22/16 8:23 PM, Richard Stanway wrote:
> > See https://nginx.org/en/linux_packages.html#stable
> >
> > PGP key links are hard coded to http URLs:
> [...]
> > Please download <a href="http://nginx.org/keys/nginx_signing.key">this
> > key</a>
> [...]
> Yes, I see. It should be fixed. Thanks.
>

Not from my side: I still see HTTP links on the following webpage: nginx.org/en/linux_packages.html, both in the HTTP & HTTPS versions (2 'this key' links, 1 'nginx signing key').
Also true for keys delivered on http://nginx.org/en/pgp_keys.html.

There might be some other places, though.

---
*B. R.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
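An added example, not part of the original thread and not nginx's own tooling: a small Python audit that lists the signing-key links on a page that would be fetched over plain HTTP, including relative links that inherit the page's scheme. The sample HTML is constructed around the anchor quoted in the thread; the key-file suffix list and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: file extensions that identify a downloadable signing key.
KEY_SUFFIXES = (".key", ".asc", ".gpg")

# Constructed sample page. The first anchor is the one quoted in the thread;
# the relative key link and the in-site link are added for illustration.
SAMPLE = """
<p>Please download <a href="http://nginx.org/keys/nginx_signing.key">this
key</a> and add it to the keyring.</p>
<p>See also the <a href="/keys/nginx_signing.key">nginx signing key</a>.</p>
<p><a href="linux_packages.html#stable">stable packages</a></p>
"""


class KeyLinkAuditor(HTMLParser):
    """Collect absolute URLs of <a href> targets that look like key files."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.key_links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href")
        if not href:
            return
        # Resolve relative and scheme-relative links against the page URL,
        # so they inherit the scheme the page itself was served with.
        target = urljoin(self.page_url, href)
        if urlsplit(target).path.lower().endswith(KEY_SUFFIXES):
            self.key_links.append(target)


def insecure_key_links(page_url, html):
    """Return key links on the page that resolve to a non-HTTPS URL."""
    auditor = KeyLinkAuditor(page_url)
    auditor.feed(html)
    return [u for u in auditor.key_links if urlsplit(u).scheme != "https"]


if __name__ == "__main__":
    for scheme in ("https", "http"):
        page = f"{scheme}://nginx.org/en/linux_packages.html"
        print(page, "->", insecure_key_links(page, SAMPLE))
```

On the HTTPS version of the page only the hard-coded `http://` link is reported; on the HTTP version the relative link is reported as well, because it resolves to the page's own scheme.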