Hi Nicolas, Nicolas Goaziou <m...@nicolasgoaziou.fr> writes:
> GPG signing tags is OK, but I wouldn't like to request every commit to > be signed. Agreed. >>> I know that https can be a bit tedious to setup so I am not asking for it >>> (though I do think it would be great if it was enabled on the site in some >>> fashion). >> >> HTTPS is not so tedious these days with Let's Encrypt. >> >> https://letsencrypt.org/ >> >> We should set up HTTPS as well. > > It would be nice, indeed. I'm Cc'ing Bastien for his opinion on the > matter, and a possible step forward. I discussed possible server enhancements with Robert Klein a few months ago. I'm considering paying for a digitalocean instance, with https via letsencrypt for both the website and git. I'm also considering switching from our current git setup to using Gogs (https://gogs.io): this would ease the process of adding new contributors, welcoming more org repositories, etc. The other solution would simply to use https://savannah.gnu.org. One remaining problem for both gogs and savannah is to ensure web references to commits are correctly redirected, which I think is one line of nginx configuration. I'm curious to know what people think about the switch to something like gogs*. Thanks, * gitlab seems too heavy, and I'm more experienced in maintaining gogs instances than gitlab instances. -- Bastien
