On Tue, 8 Mar 2011 15:26:34 +0100, Michał Górny wrote:
On Mon, 07 Mar 2011 15:06:25 -0500
Olivier Crête <tes...@gentoo.org> wrote:
On Mon, 2011-03-07 at 20:47 +0100, Michał Górny wrote:
> Why does everyone assume it needs to be enforced? If user is
> interested in protecting his/her data, he/she can simply use
> https://. If he/she is not, there is no real reason to enforce
> slower (and not always supported) SSL.
Maybe it's not to protect the user, but to protect the Gentoo
infrastructure.. And really, SSL has been supported by every browser
for the last 15 years. And it is not in any way slow or slower than
non-SSL.
If you really think you need to force all users to use SSL, thus
assuming they're unable to make their own decisions, why don't you
restrict bugzie access completely?
Michał,
You don't seem to (or pretend not to) understand that using SSL
protects not *the user* (in which case, yes, a user is free to leave the
door to *his own* house wide open), but the Gentoo infrastructure that
is far from his own and that all of us are using. Besides, complaining
about SSL being slow is absurd considering how mildly interactive and
how low-traffic a typical bugzilla session is. You could do just fine
over a 9600 bps modem.
Regards,
Antoni