Yeah I understand even if HTTPS wouldn't come enabled by default (and it
shouldn't), but only available with that and that may seem Ok. My only
concern has been how much these extras consume on the default image for
not being something essential.
I understand there has been a movement to have HTTPS everywhere (even
where it is not necessary), but I understand that in a common LAN this
is really not necessary by default and when people can freely install
and use with no problem.
Again concern is space usage for the default image. If that doesn't mean
anything significant in the context where every byte counts it may be a
good compromise to have it available but not enabled by default.
Regards
Fernando
On 14/05/2021 11:22, Etienne Champetier wrote:
Hi All,
Le ven. 14 mai 2021 à 05:00, Petr Štetiar <[email protected]> a écrit :
Fernando Frediani <[email protected]> [2021-05-11 20:13:18]:
Hi,
I am no sure https support should still be something by default in the
images as it's not something really essential
to me it's like discussion about telnet versus SSH. (Puting aside, that one
shouldn't be using password at all) If it's fine with you to send your root
password over telnet, then SSH is not essential, I agree.
FYI HTTPS wouldn't be enabled by default, it would be *available* by default,
giving users of default release images choice for management of their devices
over HTTPS, by doing so *explicitly*.
I'm all for HTTPS to be shipped by default
One painfull "bug" that some people might face having both HTTP and HTTPS,
when you login using HTTPS, the sysauth cookie has secure=true,
so you can't login via HTTP anymore because it's trying to modify the
secure=true sysauth cookie :(
Etienne
OpenWrt has quite huge community, so I hope, that having HTTPS available in
default images would bring the currently horrible UX of self-signed
certificates to wider audience which in turn might foster improvements.
-- ynezz
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
