No HTTPS on nginx.org by default

B.R. reallfqq-nginx at yahoo.fr
Tue Aug 23 13:15:10 UTC 2016


>
> On Mon, Aug 22, 2016 at 6:49 PM, Maxim Konovalov <maxim at nginx.com> wrote:
> On 8/22/16 7:41 PM, B.R. wrote:
> > In 2016, stating that content served over HTTP is 'secure' blows my
> > mind and kills your credibility.
> >
> Who did that?  What's his name?
>

​Someone named 'Maxim Konovalov'​. Sounds familiar?
See below:

​​On Mon, Aug 22, 2016 at 5:44 PM, Maxim Konovalov <maxim at nginx.com> wrote:
> On 8/22/16 6:40 PM, Richard Stanway wrote:
> > 1. You could provide insecure.nginx.org <http://insecure.nginx.org>
> > mirror for such people, make nginx.org <http://nginx.org> secure by
> > default.
> >
> No, thanks.  It is secure by default and HTTPS by default doesn't
> add any value.​
>

---

​​​On Mon, Aug 22, 2016 at 7:30 PM, Maxim Konovalov <maxim at nginx.com> wrote:
> On 8/22/16 8:23 PM, Richard Stanway wrote:
> > See https://nginx.org/en/linux_packages.html#stable
> >
> > PGP key links are hard coded to http URLs:
> [...]
> > Please download <a href="http://nginx.org/keys/nginx_signing.key">this
> > key</a>
> [...]
> Yes, I see.  It should be fixed.  Thanks.
>

Not from my side: I​ still see HTTP links on the following webpage:
nginx.org/en/linux_packages.html, both in the HTTP & HTTPS versions (2
'this key' links, 1 'nginx signing key').
​Also true for keys delivered on http://nginx.org/en/pgp_keys.html. There
might ​be some other places, though.
---
*B. R.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160823/de9a5b82/attachment.html>


More information about the nginx mailing list