At Mon, 16 Aug 2010 12:14:04 -0500, Rene Rivera wrote:
On 8/16/2010 11:53 AM, Thomas Heller wrote:
Rene Rivera wrote:
On 8/16/2010 11:39 AM, David Abrahams wrote:
I suppose, pretty soon, we may not need to have any https stuff on our own domain anyway, but as long as we do have to do that, it would be good to have a cert that doesn't raise any alarms.
Hm.. I guess this is a pertinent question.. Do we really need HTTPS stuff even now? I mean..<http://svn.boost.org/svn currently> works. So it's just a matter of turning on<http://svn.boost.org/trac>.
The problem is sending usernames and password unencrypted. Which would be the case when turning of SSL.
Even for HTTP svn doesn't send passwords in the clear, IIRC. And I'm fairly sure neither does Trac.
News to me. Again, this is (at least) a matter of perception: people don't know that. -- Dave Abrahams BoostPro Computing http://www.boostpro.com