[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [savannah-help-public] address@hidden: Re: [Repo-criteria-discuss] S
|
From: |
Bob Proulx |
|
Subject: |
Re: [savannah-help-public] address@hidden: Re: [Repo-criteria-discuss] Savannah and HTTPS] |
|
Date: |
Thu, 29 Dec 2016 02:32:08 -0700 |
|
User-agent: |
NeoMutt/20161126 (1.7.1) |
Richard Stallman wrote:
> Some people are arguing that we should turn off HTTP on Savannah,
> so it should support ONLY HTTPS. I included some of what
> they said.
>
> That seems like a radical demand, and I am skeptical. What do you
> think about the issue? Should we actually make Savannah reject HTTP
> connections outright?
I am skeptical too. Because there are no absolutes. All generalities
are false. Including that one.
And also for example would the FSF shutdown anonymous ftp access for
ftp.gnu.org too? Anonymous ftp, the anonymous cvs pserver, git
server, others, all will be on the chopping block. I fear the pursuit
of perfect will injure those not capable of being perfect.
In any case the movement toward higher security for the web site is
desirable and things are moving that direction as quickly as they can
move. However current system is outdated and cannot offer the
security features needed of a high security web site. Which is why we
are upgrading. The configuration of a high security web site is well
understood. We only recently acquired the minimum resources from the
FSF to upgrade and are now in the middle of the migration onto the
newer system so that such high security can be offered. Before then,
as a practical matter it is not possible. Let's talk about this after
the upgrade when high security is at least possible.
Bob