Kenneth apache.netbeans.org supports https, so once everything redirects here we should be good by default. There is a Jira to find a solution to the plugin hosting question once we go fully move over but I think that's the still TBD. Maybe find that Jira and add some comments to mention the new home for plugins should be https compatible and people will take that in to consideration
On Tue, 25 Sep 2018 18:47 Antonio, <anto...@vieiro.net> wrote: > Hi Kenneth, > > I fully agree with you. I'd add a JIRA so we can remember it, but I > won't classify this as a security problem. For me security issues have > special priority, I don't see that priority here. > > Kind regards, > Antonio > > On 25/09/18 19:16, Kenneth Jaeger wrote: > > I understand since there is no login information being sent to > > plugins.netbeans.org, that security is less of a concern, but this is a > > front facing website. It is not just used by the IDE. Browsers are > going > > to start yelling at us when we go to any http site (as I personally think > > they should be). Call me paranoid, but I think the trend toward 100% of > > web traffic being TLS encrypted is a good one. Also if > plugins.netbeans.org > > upgrades to HTTP2, it MUST be TLS then. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@netbeans.incubator.apache.org > For additional commands, e-mail: dev-h...@netbeans.incubator.apache.org > > For further information about the NetBeans mailing lists, visit: > https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists > > > >
