[coreboot] force https on review.coreboot.org

The Gluglug info at gluglug.org.uk
Fri Apr 17 02:01:00 CEST 2015



Hi Alexander,

On 16/04/15 14:57, Alexander Couzens wrote:
> Hi,
> 
> review isn't forcing https. Can we please do this? Otherwise
> stealing cookies is possible. Review supports https. There is atm
> a CACert based certificate and CaCert isn't included in the
> default root keychain. Thus a normal user will be shown a big fat
> warning, not to connect to review.coreboot.org, because the
> certificate is unknown and untrusted. I don't have a problem with
> that and I like CaCert. But if CaCert is the reason for not enabling
> https-only, then let us change to StartSSL or some other SSL
> authority.
> 
> Best lynxis
> 
> PS. Same issue on www.coreboot.org, but stealing review is much
> worse than stealing wiki cookies. PPS. Please write a +1 if
> you're supporting this opinion.
> 
> 
> 

"Let's Encrypt" is interesting; https://letsencrypt.org/

It's not ready yet, but it's supposed to be an "automated" (most
likely gratis) certificate authority, and they are working hard to get
it recognized to work around the issue where the user would otherwise
get warnings in their browser.

Run by the EFF. Definitely something to look into. I'm waiting for it
to become available, so that I can start using it on my sites/services.

Seth Schoen did a talk about it recently,
watch from 59 minutes in:
http://mtjm.eu/releases/lp2015/lp-123-1426949592.ogv
(there were slides during the talk, but they didn't capture them)

Regards,
Francis Rowe.
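
The exposure raised in this thread (session cookies readable when a site still answers over plain HTTP) can be checked from response headers alone. The following is an added example, not part of the original message or of coreboot's setup; the host review.example.org, the SESSIONID cookie and the sample responses are constructed for illustration.

```python
def parse_response(raw):
    """Split a raw HTTP response into (status, [(lowercased name, value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit(http_raw, https_raw):
    """Return findings for one site's plain-HTTP and HTTPS responses."""
    findings = []
    status, headers = parse_response(http_raw)
    location = dict(headers).get("location", "")
    # Plain HTTP must do nothing except redirect to the HTTPS origin.
    if status not in (301, 302, 307, 308) or not location.lower().startswith("https://"):
        findings.append("http-not-redirected")
    if any(name == "set-cookie" for name, _ in headers):
        findings.append("cookie-set-over-http")
    _, headers = parse_response(https_raw)
    # Without HSTS a browser may still try plain HTTP first on a later visit.
    if not any(name == "strict-transport-security" for name, _ in headers):
        findings.append("no-hsts")
    for name, value in headers:
        if name == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            # A cookie without Secure is also sent on plain-HTTP requests.
            if "secure" not in attrs:
                findings.append("cookie-missing-secure:" + value.split("=", 1)[0])
    return findings

# Constructed sample responses: a site that does not force HTTPS, then a fixed one.
WEAK_HTTP = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Set-Cookie: SESSIONID=abc123; Path=/\r\n\r\n")
WEAK_HTTPS = "HTTP/1.1 200 OK\r\nSet-Cookie: SESSIONID=abc123; Path=/; HttpOnly\r\n\r\n"
FIXED_HTTP = ("HTTP/1.1 301 Moved Permanently\r\n"
              "Location: https://review.example.org/\r\n\r\n")
FIXED_HTTPS = ("HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n"
               "Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly\r\n\r\n")

if __name__ == "__main__":
    print("weak :", audit(WEAK_HTTP, WEAK_HTTPS))
    print("fixed:", audit(FIXED_HTTP, FIXED_HTTPS))
```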


