Am 2016-08-22 17:44, schrieb Maxim Konovalov:
On 8/22/16 6:40 PM, Richard Stanway wrote:
1. You could provide insecure.nginx.org <http://insecure.nginx.org>
mirror for such people, make nginx.org <http://nginx.org> secure by
default.
No, thanks. It is secure by default and HTTPS by default doesn't
add any value.
2. Modern server CPUs are already extremely energy efficient, TLS
adds negligible load. See https://istlsfastyet.com/
Sorry, failed to find any power consumption bechnmarks here.
Well, in theory, a nation-state or someone in a user's network-path
could probably inject a trojaned binary/source-file (and also replace
the content of the checksum-file etc.).
But it's IMO not worth arguing about these things.
Also, an asteroid could hit earth and everything could be over next
week.
nginx doesn't provide an auto-update mechanism that stupidly downloads
and accepts all and everything somebody makes available under some
spoofed address.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
