No HTTPS on nginx.org by default
reallfqq-nginx at yahoo.fr
Tue Aug 23 13:15:10 UTC 2016
> On Mon, Aug 22, 2016 at 6:49 PM, Maxim Konovalov <maxim at nginx.com> wrote:
> On 8/22/16 7:41 PM, B.R. wrote:
> > In 2016, stating that content served over HTTP is 'secure' blows my
> > mind and kills your credibility.
> Who did that? What's his name?
Someone named 'Maxim Konovalov'. Sounds familiar?
On Mon, Aug 22, 2016 at 5:44 PM, Maxim Konovalov <maxim at nginx.com> wrote:
> On 8/22/16 6:40 PM, Richard Stanway wrote:
> > 1. You could provide insecure.nginx.org <http://insecure.nginx.org>
> > mirror for such people, make nginx.org <http://nginx.org> secure by
> > default.
> No, thanks. It is secure by default and HTTPS by default doesn't
> add any value.
On Mon, Aug 22, 2016 at 7:30 PM, Maxim Konovalov <maxim at nginx.com> wrote:
> On 8/22/16 8:23 PM, Richard Stanway wrote:
> > See https://nginx.org/en/linux_packages.html#stable
> > PGP key links are hard coded to http URLs:
> > Please download <a href="http://nginx.org/keys/nginx_signing.key">this
> > key</a>
> Yes, I see. It should be fixed. Thanks.
Not from my side: I still see HTTP links on the following webpage:
nginx.org/en/linux_packages.html, both in the HTTP & HTTPS versions (2
'this key' links, 1 'nginx signing key').
Also true for keys delivered on http://nginx.org/en/pgp_keys.html. There
might be some other places, though.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx