[X] Yes, remove them!

On 01/09/12 11:39, William Stein wrote:
> ...  For people setting up a
> server who will use secure=True, they *should* get a properly signed
> certificate, so they are likely very sophisticated users willing to do
> some extra work (incidentally, I have never once in the history of
> Sage heard of anybody successfully run a Sage notebook server using
> secure=True with a valid non-self-signed certificate!).
> 
> When I originally pushed to have secure=True easily available by
> default in Sage for all users, I (1) didn't understand that
> secure=False is safe on localhost, (2) didn't understand how easy ssh
> port forwarding is, and (3) didn't realize how important (and
> socially difficult) it is to have a non-self-signed certificate.

I would argue that self-signed certificates are safer than "valid"
CA-signed ones, since in both cases there's exactly one opportunity for
a MITM attack, and in the latter you additionally have to secure the
entire CA infrastructure.

That has absolutely no bearing on this issue, though.

The effort needed to keep all this stuff in Sage is better spent elsewhere.
