On 20/11/20 20:23, Paul Spooren wrote:
On Fri Nov 20, 2020 at 7:35 AM HST, Adrian Schmutzler wrote:
Hi,

-----Original Message-----
From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org]
On Behalf Of Alberto Bursi
Sent: Freitag, 20. November 2020 17:32
To: openwrt-devel@lists.openwrt.org
Subject: Re: 20.xx: postponse LuCI HTTPS per default



On 20/11/20 17:17, Fernando Frediani wrote:
Hi Alberto

On 20/11/2020 13:09, Alberto Bursi wrote:

<clip>

The only thing I can accept as a valid complaint against https by
default is the increased minimum space requirements, everything else
I really don't understand nor agree with.

It's exactly this I am referring to when I talk about the extras not
the steps the user will take to enable it. So why I mentioned to leave
it as optional and easy to do for those who wish (and have space) to have
it.


Devices with low flash space (and RAM) are already receiving special
treatment (different compile options, different default packages) to lower
space footprint.

These devices can (should?) be left out of the "https by default" easily.

No, this is not an option. We certainly won't have (read "maintain")
_two_ defaults for a matter like this.

Apart from that, this discussion was not intended to discuss the various
options _again_, but to ask whether we should have "https by default" as
a _blocker_ for the next release.
Personally, since the discussion seems to be as open and unresolved as a
few months ago, I'm against making this a blocker. I'm curious where the
whole topic evolves to, but that's not the subject of this thread.

How about we use `luci-ssl` per default but set `redirect_https` to 0.
This way everyone can access in a secure way, without changing the
current user experience.

An optional combination of Luiz idea could warn the users using HTTP,
allowing to "ignore" or "activate redirect".

I think that's a feasible solution for 20.xx. Spinning up a massive
HTTPS dDNS or defining a new standard accepted in all common browsers
seems a bit out of scope, for now.

Paul


I'm not sure what you are accomplishing with this beyond increasing the default image size.

The way I see it, we either switch to https by default or we don't.

Adding luci-ssl without redirect manages to annoy both types of users for no reason imho.

It is just bloat for people using http, it's inconvenient for those that use https and would have liked the redirect to work by default

-Alberto

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to