Il 14/feb/2017 08:52 PM, "Kevin Fenzi" <kevin@xxxxxxxxx> ha scritto:
Greetings.
In the past we haven't bothered to make fedoraplanet.org https because
some/many of the blogs that are aggregated there are http. However, now
with the advent of letsencrypt, I wonder if we shouldn't revisit that.
I noticed this again due to a recent gnome planet post:
http://nibblestew.blogspot.com/2017/02/enabling-https-is- easy.html
Proposal:
* We get a https cert for fedoraplanet.org and enable it.
(of course right now it will show lots of insecure content which will
be anoying support wise as people ask us about it, but no more so than
'why isn't it https enabled').
* We send out an announcement asking everyone who has a blog aggregated
on fedoraplanet to https enable their blogs.
* We have some deadline (like 6 months? a year? less?) and after that
point we drop all the http blogs and only allow https.
There's no real security advantage here, other than making more traffic
on the net encrypted, which I think is a good goal.
What do folks think? Doable? To harsh? Pointless?
kevin
_______________________________________________
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org
I think it is not only doable easily, but also an advantage for the blog owners we collect on fedoraplanet.
Maybe a deadline is the right way here, probably 6 month is not enough, but what about the end of the year? This could also be useful to clean up abandoned blogs from people who are not posting anything anymore.
Just my thoughts on this topic.
Robert
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx