[oi-dev] HEADS UP: HTTPS available on pkg.openindiana.org

Nikola M minikola at gmail.com
Sun Aug 14 08:57:28 UTC 2016


On 08/13/16 08:47 PM, Reginald Beardsley via oi-dev wrote:
> Could you describe the actual problem?  Are there browsers that can't use https and are actually useable?
>
> I tried http://www.opendindiana.org and it seamlessly switched over to https.  So what is broken?

You described it.
In practice maybe someone would like to still have an option opening
http site and not be forced into https.
http also uses less CPU power to manage requests then https, etc. Even
if redirection works.

I generally never got that 'all https' thing, even forcing https can
help getting site contents as it is, without possibility of interfering
on delivery.  I got used to see https as optional and on login,edit
pages etc, but it may be that differences between http and https in CPU
use are small enough, even some major pages with large visit numbers
continue to use http (like Ebay) possibly for exactly less CPU/server
use and also legacy clients (set top boxes , older phones with older
cyphers/certificates etc.)

Also, someone opening site without 'www' would maybe like opening it
instead being transferred to www site where is it now. Actually
openindiana.org used to work since recently, without being redirected to
www.openindiana.org, that also changed.
It's worth mentioning, those are noticeable changes.
Anyway with 'all https', at least login and edit pages are encrypted.

Noticable, dlc.openindiana.org does not work with https, even optionally.
Actually don't think it's a problem, but only if Hash (.sha256sum) files
or hash numbers are available from https location/site, so one can
safely get sha256sum and check with sha256sum -c *.sha256sum after
download, or have .sha256sum files signed with GPG/PGP key.





More information about the oi-dev mailing list