On 04/16/2015 08:57 AM, Alexander Couzens wrote:
Hi,
review isn't forcing https. Can we please do this? Otherwise stealing cookies
is posibble.
Review supports https. There is atm an CACert based certificate and CaCert
isn't included in the default root keychain.
Thus a normal user will shown a big fat warning, not to connect to
review.coreboot.org,
because the certificate is unknown and untrusted.
I don't have a problem with that and I like CaCert. But if CaCert is the reason
not enabling https-only,
than let us change to StartSSL or someother SSL authority.
Best lynxis
PS. Same issue on www.coreboot.org, but stealing review is much more worse than
stealing wiki cookies.
PPS. Please write a +1 if you're supporting this opinion.
+1
--
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645
http://www.raptorengineeringinc.com
--
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot
