[PD-dev] moving to git

[IOhannes m zmoelnig]

On 2015-10-14 22:30, Jonathan Wilkes via Pd-dev wrote:
> Oh wow, I guess it's been awhile since I've used Sourceforge.  It looks like they just offer svn (which isn't secure) and http by default.  Yikes.
> It's 2015.  Users should get an encrypted connection to repos by default, no exceptions.
> It's extraordinary to me that you'd let the limitations of StartSSL's free cert dictate the security of your users.  But if that really is the limiting factor, why can't you just wait half a year for EFF's "Let's Encrypt" project to ship?  Then you can get certs for however many subdomains you want, and a whole class of potential attacks on your users will disappear.

whatever happens in half a year from now will happen then.
we might switch to let's encrypt, use some chinese wildcard certificate
or roll back to self-signed certs.

> In the meantime, please don't teach users that it's ok to ignore basic internet security (plus the big, red browser warnings) just because you don't feel like paying money or asking one of many capable free-software organizations for help.

yawn.
i'd rather teach people to learn the basic internet security
(which is *not* about big, red browser warnings for anything as
fundamentally flawed as a commercially driven certificate chain).

in the meantime you could say "thanks, for doing a lot of work".

your welcome.

fgamsdr
IOhannes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.puredata.info/pipermail/pd-dev/attachments/20151015/e01b4731/attachment-0001.sig>