On Sat, May 23, 2015 at 2:29 PM, Ian Kelly <ian.g.ke...@gmail.com> wrote:
> There *should* be scary warnings for plain
> HTTP connections (although there is a counter-argument that many sites
> don't need any encryption and HTTPS would just be wasteful in those
> cases).

I don't think there should be "scary warnings", for precisely this reason. When the information you're sharing is completely public, there's no point taking the overhead of encryption. So there should be two normal and acceptable ways to access data: either unencrypted, or encrypted with a verified certificate. Oh look, that's what we have. There is an assumption that your system certificate store is trustworthy, but for the typical user, it's probably better than they'll get any other way, and for an atypical user, it can be pruned easily.

But I think we're just a smidge off-topic here.

ChrisA