Re: people.debian.org will move from ravel to paradis and become HTTPS only
-----BEGIN PGP SIGNED MESSAGE-----
On 07/20/2014 03:08 PM, Wouter Verhelst wrote:
> Op zondag 20 juli 2014 18:19:14 schreef Peter Palfrader:
>> None of these brings people who type in people.debian.org into
>> their browser to https.
> If they type it in because they want to avoid HTTPS for whatever
> local reason, then that's a feature, not a bug.
> If they type it in because they were given a HTTP URL rather than a
> HTTPS one by someone else, then you should cluebat that someone else.
What if they don't type in any protocol, but just type in the server
name? That's very common among people who are less technically inclined
(and who bother to type URLs at all), and even among those who are more
so, ever since the day browsers first implemented the necessary smarts
to let it work in the first place.
Most browsers, and for that matter other HTTP clients, will default to
trying HTTP - not HTTPS - if given a URL that doesn't specify any
protocol. I'm anal-retentive about typing the full URL (including
protocol) manually when not just clicking on a link, as a matter of
standing on principle, and even I just accept that default sometimes.
Changing that default, without forcing HTTPS in the way which people in
this thread are objecting to, would seem to require changing all of
those clients - a much, much bigger proposition than the administrators
of any one server can practically tackle.
Secrecy is the beginning of tyranny.
A government exists to serve its citizens, not to control them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----