launchpad-users team mailing list archive

Thread
Date

Re: https ? why?

To: John <jpyper@xxxxxxxxx>
From: Karl Fogel <karl.fogel@xxxxxxxxxxxxx>
Date: Tue, 14 Apr 2009 16:43:29 -0400
Cc: launchpad-users <launchpad-users@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <e1b005bb0904141237gc887d73jdbfc9222c6de85a3@mail.gmail.com> (John's message of "Tue, 14 Apr 2009 12:37:34 -0700")
Reply-to: Karl Fogel <karl.fogel@xxxxxxxxxxxxx>
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux)

John <jpyper@xxxxxxxxx> writes:
> I can agree the launchpad.net should have http. At the same time, it
> should also have https. Here's my example:
>
> Say Mr. Opensource comes to the site to browse bug reports to see if
> there is a workaround or a fix for a problem he is having, or is just
> browsing the site in general to see what it has to offer. This action
> do not need https.
>
> Now if Mr. Opensource has a project on the site or wants to be a
> member of a team of some sort to colaborate on things, then logging
> into the site and doing project related functions are good to have
> secure in https.
>
> I'm sure there are other things that can be added to both sides of the
> fence, and hashing ideas out here is a good place to get your voice
> heard.

True -- in an ideal world, we'd support both, using http:// for anything
where identity doesn't matter.

Unfortunately, it's tricky to actually do that right, and there are many
other features we're working on too.  So it's https:// for now, just
because that's the "safe" option that was implementable immediately.

(On the other hand... http://dev.launchpad.net/OpenSourcing...)

References

https ? why?
From: Lukasz Szybalski, 2009-04-14
Re: https ? why?
From: John, 2009-04-14