On 2015-12-08, szs <s...@protonmail.com> wrote:

> So with letsencrypt here, how about making the main site
> default to https? Is this a good idea or is this a great idea?

I would like it a lot if www.openbsd.org and cvsweb.openbsd.org switched to https, but I'm not in a position to make it happen.

Much of the discussion seems silly: We don't do it because it doesn't provide perfect security? That's exactly the opposite approach to Theo's idea about security in OpenBSD. And encrypting everything makes mass surveillance harder.

The true elephant in the room is that I can't get the current OpenBSD source tree securely. (Well, _I_ can if push comes to shove, but the general user community can't.)

CVSync? No integrity or authenticity. AnonCVS over SSH? Nope, no integrity or authenticity because the mirror itself got the tree over CVSync. Assuming you trust the mirror in the first place.

--
Christian "naddy" Weisgerber na...@mips.inka.de