|
https for forum and homepage
|
|
I got a few requests (by encrypted mails
 ) to offer https for the homepage and forum. I have to agree nowadays we need at least https support.
Yes, this is critical. You know that when you use on this or any other non https-forum a password you use for secure things, this password is been transfered fully clear trough the internet.
This means that you tell your ISP your password. You tell everyone on a public wifi like on starbucks-coffee your password. And so on. The best solution is to upgrade your webserver to HTTP/2 and to use the free certificates from https://letsencrypt.org/ when they start their service in few days.
About half a year later and NOTHING happened? Whats going on here?! It seems i am not the only one who see this critical security issues noone care about!
By the way: I have been forced to register without any encryption to this forum and had to send in cleartext the password. So because i was forced to make it public here it is: "insecurehttp" (without the quotes)
I must agree here. The forum and website should be "HTTPS" in order to increased the security of users to this forum and people who download ISOs. I realize that HTTPS would not have prevented the unfortunate event with Linux Mint as the problem was most likely a WP plugin. However, with LetEncrypt, HTTPS is made relatively easy.
Also, while an md5sum is available for users I think the use of SHA256 and/or pgp would be better. I have no idea how much additional work doing these things would add as I believe this project is run by a relatively small group I do not wish to add burden. I would like to express my appreciation for the absolutely wonderful and professional distro that Netrunner is so if there is any way I can contribute, I'd be happy to. |
