On 14/05/21 10:58, Petr Štetiar wrote:
Fernando Frediani <fhfredi...@gmail.com> [2021-05-11 20:13:18]:

Hi,

I am not sure https support should still be something by default in the
images as it's not something really essential

to me it's like discussion about telnet versus SSH. (Putting aside, that one
shouldn't be using password at all) If it's fine with you to send your root
password over telnet, then SSH is not essential, I agree.

FYI HTTPS wouldn't be enabled by default, it would be *available* by default,
giving users of default release images choice for management of their devices
over HTTPS, by doing so *explicitly*.

OpenWrt has quite huge community, so I hope, that having HTTPS available in
default images would bring the currently horrible UX of self-signed
certificates to wider audience which in turn might foster improvements.

-- ynezz


I quite frankly don't understand and don't like half-measures like this.
It accomplishes... more harm than good.
Most end users won't even notice a difference, apart from the less free space. I think most people that know and look for https will also be able to install a couple packages (or even use imagebuilder and whatnot), and that's what they have been doing for the last few years. This is not something that requires a kernel recompile or something, so why add it to the default package list and leave it disabled?

Plus of course you get people that don't want https for some strange reason and will not like you adding "bloat".

I'm personally in the "encrypt all the things" camp. I fully support a switch to https only.

But it should be a default, not a "let's add stuff people might want to enable later". Either all in or all out.

-Alberto

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
