I have also voiced concerns to OpenBSDEurope and I also have not ordered OpenBSD 4.7:
On 22 May 2010 01:00, ropers wrote: > You seem to have migrated to a new e-commerce system; I'm not sure I > like having to create an additional account and remember yet another > password. Before I just plugged in my credit card details and was > done. > > If I do create an account with you, would I have to use the same email > address I used when I ordered 4.6 to avail of the account? Could I > change it later? What really scared me however was this: > NB: Also, on your order/checkout page, the link doesn't turn into a > HTTPS one until *after* the user has entered their password. This > can't be good. To which they replied: On 22 May 2010 11:01, Lyn Done wrote: > Sorry that you have concerns about buying from us. > > We have moved to a new, more secure ecommerce system which is compliant > under PCI-DSS, so that you need have no concerns about the security of > entering your personal or card details. We were unable to transfer across > the information from the old system, so that yes, you can use your previous > details on the new site or different details - you can change this > information at any time in the future. Once you enter any information on the > login page, then it forces an https call, so the site is totally secure with > your details. I admit that I'm a bit ignorant here, as I've myself never administered an SSL web site, but I am not convinced by this: Doesn't the above just mean that it switches to HTTPS *after* transmitting my information in the clear? Or can someone else explain if and/or how the above is sane? > I understand your worry about 'creating an account', however you are only > giving us the address details that we need to ship to you, and we allow you > to enter a password, so that you can return to the site, and check orders, > and of course when you buy from us again, you don't have to enter the detail > again... I find having to deal with another password and account and having to trust another person to safeguard my personal information they keep on file and online long after the order is fulfilled much more annoying than having to type in my address and payment details again. Some people find it more convenient to create additional accounts, or even log in with their Google or Facefook accounts (gah! yeuch!). If anything, it should be my choice whether I want to do that. /my 2 cents regards, --ropers
