On Mon, Aug 16, 2010 at 10:24 AM, Steven Watanabe <watanabesj@gmail.com> wrote:
AMDG
Thomas Heller wrote:
Rene Rivera wrote:
On 8/16/2010 11:39 AM, David Abrahams wrote:
I suppose, pretty soon, we may not need to have any https stuff on our own domain anyway, but as long as we do have to do that, it would be good to have a cert that doesn't raise any alarms.
Hm.. I guess this is a pertinent question.. Do we really need HTTPS stuff even now? I mean.. <http://svn.boost.org/svn currently> works. So it's just a matter of turning on <http://svn.boost.org/trac>.
The problem is sending usernames and password unencrypted. Which would be the case when turning of SSL.
I would assume that those with user accounts could still log in using HTTPS. Most of them should know about the certificate already. The people to worry about are the ones who are just browsing the wiki or submitting a bug report. HTTP should be fine for this.
Should be, but sometimes they connect via HTTPS anyway. This causes hiccups. It's not a huge problem worth spending lots of resources on solving but it might be worth spending enough to get the cert from Bryce (which is probably less than this thread has already consumed). -- Dave Abrahams BoostPro Computing http://www.boostpro.com