-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/18/2013 07:32 AM, Sam Tuke wrote: | On 18/12/13 00:01, Micah Lee wrote: |> The problem is you're wanting to make GnuPG go mainstream but then you end |> up with people seeing this: http://i.imgur.com/53nvUqm.png | | Yup. That should be avoided. However there are only a few pages that | critically need to be https it seems to me. Anywhere that source files are | provided clearly needs to be secure. Ideally the manual pages too. But the | front page has no need in my opinion.
Well, completely aside from the fact that "encrypt everything you can" is a good default policy, providing a consistent user experience is a good reason to make https the only access method. At very least, making sure that if a user enters the site via https that they stay on https (protocol-agnostic links/URLs). A better question would be why would you not want to serve all the pages via https? Please don't say "higher CPU usage" because the difference is negligible on any modern system. Doug -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQEcBAEBCAAGBQJSseJiAAoJEFzGhvEaGryET34H/1CP9ZXka+/6Jh4RRu+bWHQy ye1aUJmqqsBG/hYlRi3Bz3UhmyLiQUtIE9CyiXx3cU88Cmb+u2MsoiLwasFxxRtU FIik1zi4iudnkpZOzKKzlHSe1rb8qvOCB4RUYX/E9F990mU5dCL02bKhHMbqIhjb +xkYGnje3bSv/kvEmPVb862tQD2k9fLswlAmdDtXClMbG6ZQyZv3olfZ87RpN2EC VZGx4FVIyVjnAlGmTs2/U5U6oMdzZp5ScAu4z2S2FwnGc98ZNn1JAzGNh8BlKVix lw/3Fhzovjhjbxvy/PxNN3prmgf2IOPvqkl3gvdt2xHkEg9KqBsaiL8/HBs7yz0= =m2a9 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users