[coreboot] force https on review.coreboot.org
Alexander Couzens
lynxis at fe80.eu
Thu Apr 16 15:57:33 CEST 2015
Hi,
review isn't forcing https. Can we please do this? Otherwise stealing cookies is posibble.
Review supports https. There is atm an CACert based certificate and CaCert isn't included in the default root keychain.
Thus a normal user will shown a big fat warning, not to connect to review.coreboot.org,
because the certificate is unknown and untrusted.
I don't have a problem with that and I like CaCert. But if CaCert is the reason not enabling https-only,
than let us change to StartSSL or someother SSL authority.
Best lynxis
PS. Same issue on www.coreboot.org, but stealing review is much more worse than stealing wiki cookies.
PPS. Please write a +1 if you're supporting this opinion.
--
Alexander Couzens
mail: lynxis at fe80.eu
jabber: lynxis at jabber.ccc.de
mobile: +4915123277221
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20150416/16716d13/attachment.sig>
More information about the coreboot
mailing list