Re: https blogs?


 



On Tue, Feb 14, 2017 at 09:52:53PM +0100, Robert Mayr wrote:
> On 14 Feb 2017 08:52 PM, "Kevin Fenzi" <kevin@xxxxxxxxx> wrote:
> > In the past we haven't bothered to make fedoraplanet.org https because
> > some/many of the blogs that are aggregated there are http. However, now
> > with the advent of letsencrypt, I wonder if we shouldn't revisit that.
> > 
> > I noticed this again due to a recent gnome planet post:
> > http://nibblestew.blogspot.com/2017/02/enabling-https-is-easy.html
> > 
> > Proposal:
> > 
> > * We get a https cert for fedoraplanet.org and enable it.
> > (of course right now it will show lots of insecure content which will
> > be annoying support wise as people ask us about it, but no more so than
> > 'why isn't it https enabled').
> > 
> > * We send out an announcement asking everyone who has a blog aggregated
> >   on fedoraplanet to https enable their blogs.
> > 
> > * We have some deadline (like 6 months? a year? less?) and after that
> >   point we drop all the http blogs and only allow https.
> > 
> > There's no real security advantage here, other than making more traffic
> > on the net encrypted, which I think is a good goal.
> > 
> > What do folks think? Doable? Too harsh? Pointless?
> 
> I think it is not only doable easily, but also an advantage for the blog
> owners we collect on fedoraplanet.
> Maybe a deadline is the right way here, probably 6 months is not enough, but
> what about the end of the year? This could also be useful to clean up
> abandoned blogs from people who are not posting anything anymore.
> Just my thoughts on this topic.

Generally in favor here.  However, two things to add:

(1) A year seems reasonable for this.  We're not under pressure here,
no need to pass it on to others either.

(2) If this is truly important, infra team should (a) make themselves
available to consult on how to fix, and/or (b) create a couple simple
HOWTOs for the most prevalent self-hosted services.

No need for us to carry large numbers of inactive blogs on the roll,
and this is a good way to find out which are still maintained.  At the
same time, we need to balance the ability to give non-technical
community members a voice.

-- 
Paul W. Frields                                http://paul.frields.org/
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717
  http://redhat.com/   -  -  -  -   http://pfrields.fedorapeople.org/
    The open source story continues to grow: http://opensource.com
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx



