On Fri, Jul 29, 2011 at 7:58 AM, sawyer x <xsawy...@gmail.com> wrote: > I like to work in HTTPS (and we should, really, in a secure world). Many > websites already moved to it by default such as github.com, all google > sites, workflowy.com, foursquare and more.
Those are all sites for which users log-in and keep lots of personal information. They are not reference sites. SSL prevents (or at least makes it difficult to do) proxy caching. Thus, every client needs to hit the origin server directly and idempotent requests (which is the vast majority of them) can't be served up by intermediate caching, which wastes server cycles and bandwidth. That is fundamentally bad design when the use case does not require protection of user information. The only time MetaCPAN should be forcing https is for author log-in and logged-in sessions. (I support offering it as an option, but it doesn't need to be the default). > Most of what we do online is private. Not "I want to hide this because it's > illegal" private, but "this is personal, so mind your own business" private. SSL does not hide the hostname (and port) you are connecting to; it will only hide the actual HTTP request and response. On the actual subject of whether MetaCPAN is becoming a "defacto standard" -- consider that search.cpan.org has a Google PageRank of 7. MetaCPAN has quite a ways to go before it will have that level of significance in search results. (Maybe if p3rl.org routed to MetaCPAN instead of search.cpan.org, that would help.) I think MetaCPAN is a great project and is evolving quickly, but hyperbole doesn't serve any real benefit. -- David
