[coreboot] force https on review.coreboot.org
Timothy Pearson
tpearson at raptorengineeringinc.com
Thu Apr 16 17:54:17 CEST 2015
On 04/16/2015 08:57 AM, Alexander Couzens wrote:
> Hi,
>
> review isn't forcing https. Can we please do this? Otherwise stealing cookies is posibble.
> Review supports https. There is atm an CACert based certificate and CaCert isn't included in the default root keychain.
> Thus a normal user will shown a big fat warning, not to connect to review.coreboot.org,
> because the certificate is unknown and untrusted.
> I don't have a problem with that and I like CaCert. But if CaCert is the reason not enabling https-only,
> than let us change to StartSSL or someother SSL authority.
>
> Best lynxis
>
> PS. Same issue on www.coreboot.org, but stealing review is much more worse than stealing wiki cookies.
> PPS. Please write a +1 if you're supporting this opinion.
>
+1
--
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645
http://www.raptorengineeringinc.com
More information about the coreboot
mailing list