Https

[Marko Oreskovic]

Dougie Richardson wrote:
> Obviously we need to protect passwords, the question was if we need to do it with HTTPS now we have verification from HTTPS at OpenID on launchpad, which is where the passwords are exchanged.
> 
> Dougie Richardson (on a "smartphone")
> dougierichardson at ubuntu.com
> 
> -----Original Message-----
> From: Marko Oreskovic <markoresko at gmail.com>
> Sent: 19 April 2009 23:32
> To: ubuntu-doc at lists.ubuntu.com
> Subject: Re: Https
> 
> Matthew East wrote:
>> On Sun, Apr 19, 2009 at 5:40 PM, Dougie Richardson
>> <dougierichardson at ubuntu.com> wrote:
>>> http://ubuntuforums.org/showthread.php?p=7101017
>>>
>>> Why are we https and not http again?
>> It was because users sent their passwords and personal information to
>> the website when logging into the wiki.
>>
>> I don't know if the fact that openid is now used means that the
>> website could be moved to http without compromising users' details.
>> Does anyone else know more?
> 
> https is great thing to protect privacy I also think that
> it is important to protect passwords and personal information of users.

It would seemed that documentation itself does not require https
but I was always glad that it exists, providing that no manual or
instructions are changed on hosts in between, until presented to user.
That way can be avoided something like sudo rm -Rf / injection in
manuals somewhere.
But, maybe documentation could also be accessed via plain http
as convenience for users connecting through proxies that does not allow
http.. But leaving https as default for the rest.
Safest way is if all is with https but i agree that allowing http will
(mostly) do no harm. Maybe just some disclaimer about http connection is
not secured and data reading not verified.