janI wrote:
And if you look at INFRA-6608, you will see a comment from andrea 3 August:
"And we will want to use it, even though there is no authentication there,
for
http(s)://www.openoffice.org
(this is mainly because we receive a steady, even if low, amount of
complaints from users who cannot browse our main site on HTTPS). "
Explaining myself: even before this became a global trend, people were
using stuff like https://www.eff.org/https-everywhere for enhanced
security. If they tried browsing http://www.openoffice.org the plugin
would automatically have rewritten it to https://www.openoffice.org and
then they would have seen a bad certificate mismatch warning. Now, on
some pages (but, as far as I can tell, not the home page or those I
checked) they may get the "mixed http/https" warning already discussed,
but this far less problematic.
I see more problematic the fact that
http://it.openoffice.org
and
https://it.openoffice.org
lead to two different sites due to rewriting. Is this something that can
be fixed, perhaps by reimplementing the same rewriting rules for HTTPS?
And a short note about the discussion: the issue is small and was
exaggerated too much. We are surely grateful to Infra for their
assistance, but at times we need to make questions to understand better.
In this case everything was then clarified, but it had to. And the only
way was to make questions and get answers. Same for the paragraph above:
it is just a question, not a sign of disrespect for Infra or Jan's work,
which we all highly appreciate.
The focus needs now to move to the wiki, since there things will be
potentially broken if we enforce HTTPS before testing it thoroughly. I
suggest that we wait to have some concrete feedback before enforcing
HTTPS: if by the next weekend nobody has given feedback on some
tests/fixes on the HTTPS version https://wiki.openoffice.org/ , it
wouldn't seem wise to me to go on with the changes.
Regards,
Andrea.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
