I have tried to come up with some very good solutions, but it appears that we must lay (another) burden on packagers to realize this.
1) If an authenticating web app foo is installed and SSL is not installed then "secure by default" tells us that the user should see a splash page explaining that it would be insecure to not use SSL but that if you read README.NOSSL in the package then there are instructions to enable the unencrypted access anyway. OR there is a high priority question to the admin during installation that results in doing the right thing. The default should be to be secure IMHO. I guess dpkg-reconfigure should re-ask that question and set things up according to the answer.

2) 1) takes care of 2) as well

3) Not sure what that means in terms of interaction with the admin

4) If SSL is installed then non-ssl access to the app should result in a redirect to the SSL url according to the principle of least surprise, and possibly also bug #1. In apache there are a number of ways to case configuration based on the presence of modules and so on. For other httpds I don't know...

Regards,
Nicolai

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/695857

Title: ssl protection not default for sensitive packages

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
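One way a package could realize points 1) and 4) above in Apache, as an added example that is not part of the bug thread or of any Ubuntu package: an `<IfModule mod_ssl.c>` block redirects plain-HTTP requests to the SSL URL when mod_ssl is loaded, and an `<IfModule !mod_ssl.c>` block serves only the explanatory splash page when it is not. The app name `foo`, the hostname `foo.example.com`, the certificate paths and the document-root paths are assumptions for illustration, and the `Require` syntax assumes Apache 2.4.

```apache
# Added example, not shipped by any package: conditional SSL enforcement for
# the hypothetical web app "foo". All paths and names below are assumed.

<IfModule mod_ssl.c>
    # Port 80: never serve the app in the clear; send the client to the SSL URL
    # (least surprise, point 4 above).
    <VirtualHost *:80>
        ServerName foo.example.com
        Redirect permanent /foo https://foo.example.com/foo
    </VirtualHost>

    # Port 443: the only place the authenticating app is actually mounted.
    <VirtualHost *:443>
        ServerName foo.example.com
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/foo.example.com.pem
        SSLCertificateKeyFile /etc/ssl/private/foo.example.com.key

        Alias /foo /usr/share/foo/www
        <Directory /usr/share/foo/www>
            Require all granted
        </Directory>
    </VirtualHost>
</IfModule>

<IfModule !mod_ssl.c>
    # mod_ssl absent: "secure by default" (point 1) means the app itself is not
    # mounted; only a static splash page pointing the admin at README.NOSSL is
    # served until unencrypted access is explicitly enabled.
    Alias /foo /usr/share/foo/nossl-splash
    <Directory /usr/share/foo/nossl-splash>
        Require all granted
    </Directory>
</IfModule>
```

The two `IfModule` blocks are mutually exclusive, so enabling or disabling mod_ssl (for example with `a2enmod ssl` followed by a reload) switches between the redirect configuration and the splash page without the package having to edit the file. A debconf question, re-asked by dpkg-reconfigure, could then decide whether the splash page is replaced by a real unencrypted mount, which is the opt-in step the README.NOSSL would describe.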