Re: [sword-devel] Mailing list archives are insecure!

Hello, David Haslam writes: > It remains the case that the list archive / server has an insecure connection > that uses only HTTP. > > We should upgrade it ASAP to use HTTPS to avoid all the Browser > Warnings! Do you *still* not understand what's going on? > So are you saying that nobody at C

Re: [sword-devel] Mailing list archives are insecure!

Is your concern about this because of the HTTPS errors? Or is your concern that the archives are public? If the former, then you are seeing a proper error message for a user error. If the latter, this is a public list. It's archives have always been public and do not require a login. --Greg On

Re: [sword-devel] Mailing list archives are insecure!

It is true that it would be nice if the footer on the mailing list could be updated to show an HTTPS URI instead of an HTTP one. Then users would get a little bit of protection if they follow the links while using a public hotspot. Is that possible? On 2025-05-02 14:51, Greg Hellings wrote: T

Re: [sword-devel] Mailing list archives are insecure!

So are you saying that nobody at CrossWire cares a diddly squat that strangers can connect straight to the archives without having to login via a secure connection? Best regards, David Sent with [Proton Mail](https://pr.tn/ref/SWXT9A5YZ67G) secure email. On Friday, May 2nd, 2025 at 7:51 PM, G

Re: [sword-devel] Mailing list archives are insecure!

The "insecure" connection message given by browsers is not a claim of the connection itself being suspect to man-in-the-middle attacks. Rather, it is a claim that the browser could not verify the validity of the website domain through authoritative sources. The connection is nonetheless secure. The

Re: [sword-devel] Mailing list archives are insecure!

There is nothing insecure about it. We allow both HTTP and HTTPS connections. If you use the incorrect hostname over HTTPS you get an invalid cert, because the hostname you told the browser to use does not match the cert. The solution is to use the correct hostname. If you use HTTP some browsers

Re: [sword-devel] Mailing list archives are insecure!

Another point is this, that using the unexpected [trail](https://lists.crosswire.org/pipermail/sword-devel/) which Leo gave me also bypasses the introduction page and takes one straight to the table of archives with a row for each month. Aside: What happened before October 1999 ? Best regards,

Re: [sword-devel] Mailing list archives are insecure!

It remains the case that the list [archive / server](http://crosswire.org/mailman/listinfo/sword-devel) has an insecure connection that uses only HTTP. We should upgrade it ASAP to use HTTPS to avoid all the Browser Warnings! It's 2025 now. Nobody nowadays should still be using HTTP. With all

Re: [sword-devel] Mailing list archives are insecure!

Fair enough of a disclaimer. > On May 2, 2025, at 10:39 AM, Nathan Phillip Brink > wrote: > > I think Leo clearly enough said that he doesn't know the actual URI but that > if this organization followed a common pattern, they might have chosen that > URI. I don't think that's a hallucination,

Re: [sword-devel] Mailing list archives are insecure!

It’s documented on the bottom of each email. The page that it goes to has a link to the archive. No prefix is used. > On May 2, 2025, at 11:45 AM, David Haslam wrote: > > DM must be a fan of Jeremy! > > Leo: Diddly Squat Farm: A popular British reality television series that > premiered in 2

Re: [sword-devel] Mailing list archives are insecure!

I think Leo clearly enough said that he doesn't know the actual URI but that if this organization followed a common pattern, they might have chosen that URI. I don't think that's a hallucination, but I don't know the jargon. On 2025-05-02 9:18:05 GMT-05:00, DM Smith : >Leo is hallucinating. This

Re: [sword-devel] Mailing list archives are insecure!

DM must be a fan of Jeremy! > Leo: Diddly Squat Farm: A popular British reality television series that > premiered in 2021 on Amazon Prime Video. The show documents the life of > Jeremy Clarkson, a well-known journalist and television presenter, as he > attempts to run a farm in the Cotswolds r

Re: [sword-devel] Mailing list archives are insecure!

David, Troy explained it. You can have any prefix you like and the CrossWire web server will try to serve it as if there were none if it doesn’t match a known list of services. diddly-squat.crosswire.org/pipermail/sword-devel That Leo’s

Re: [sword-devel] Mailing list archives are insecure!

That doesn’t explain why the URL worked perfectly well and gave access to this very list. Explain that if you can. No LSD is required. David Sent from [Proton Mail](https://proton.me/mail/home) for iOS On Fri, May 2, 2025 at 15:18, DM Smith <[dmsm...@crosswire.org](mailto:On Fri, May 2, 2025

Re: [sword-devel] Mailing list archives are insecure!

Leo is hallucinating. This is a well known problem of GPT agents. > On May 2, 2025, at 8:13 AM, David Haslam wrote: > > Hi Troy, > > That's a curious question! > > Me: What is pipermail? > > Leo: Based on the search results, **pipermail** appears to be a term related > to electronic mailing

Re: [sword-devel] Mailing list archives are insecure!

Hi Troy, That's a curious question! Me: What is pipermail? Leo: Based on the search results, **pipermail** appears to be a term related to electronic mailing lists, specifically the archives of mailing lists managed by the GNU Mailman software. According to Wikipedia, GNU Mailman is a compute

Re: [sword-devel] Mailing list archives are insecure!

Don't use 'lists' dot crosswire.org.  Where did you find that hostname?  We have a catchall, so you can say https://bettyboop.crosswire.org if you want, but the certificate won't be value for that domain. On 5/2/25 6:46 AM, David Haslam wrote: If you visit (eg) https://lists.crosswire.org/pipe

[sword-devel] Mailing list archives are insecure!

If you visit (eg) https://lists.crosswire.org/pipermail/sword-devel/ The first thing you notice is a Browser Warning that the URL is insecure. The https connection falls back to insecure http Please would someone with access to our server make the necessary changes for our list archives. Best r