Noted, I will bump it up the priority list.

On Thursday, January 14, 2016 at 1:49:55 PM UTC-6, Laurens Van Houtven wrote:
>
> Hi,
>
> On Jan 14, 2016, at 12:34 PM, Alex Miller <a...@puredanger.com> wrote:
>
> The clojure.org has never, and does not now, support https. It is an 
> entirely static site, so it is not high on my priority list to work on.
>
>
> Sure; but it does respond to HTTPS requests with a bogus cert, instead of 
> simply not supporting HTTPS at all.
>
> Since it’s HTTP, an attacker on a local network can fairly trivially (by 
> which I mean: using off the shelf tools) make that “download Clojure” link 
> point to whatever they want, which is my main concern. 
>
> I don’t know if this is an option for you, but CloudFlare will give you a 
> fairly hassle-free (and money-free) TLS termination option.
>
>
> lvh
>
>
