launchpad-users team mailing list archive

Thread
Date

Re: https ? why?

To: Karl Fogel <karl.fogel@xxxxxxxxxxxxx>
From: Lukasz Szybalski <szybalski@xxxxxxxxx>
Date: Wed, 15 Apr 2009 09:08:45 -0500
Cc: launchpad-users <launchpad-users@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <804e5c70904150646j299900btd45c401633e8aa4e@mail.gmail.com>

On Wed, Apr 15, 2009 at 8:46 AM, Lukasz Szybalski <szybalski@xxxxxxxxx> wrote:
> On Tue, Apr 14, 2009 at 3:48 PM, Karl Fogel <karl.fogel@xxxxxxxxxxxxx> wrote:
>> Monty Taylor <monty@xxxxxxxxxxxx> writes:
>>> Agree. But, as another for instance, having download tarballs only
>>> accessible via https makes it a bit harder for places where you're
>>> grabbing those via wget or the like (you have to pass the
>>> ignore-invald-cert option)
>>
>> Yup (plus John Pyper's points in an earlier mail).
>>
>> I can't promise that this will change anytime soon, since our releases
>> are planned out for a while in advance -- but it would help to have a
>> bug to track this issue at least.  Lukasz, would you be willing to file
>> a bug about this (I searched for one and couldn't find any), and make
>> sure the bug points back to this thread, which is
>>
>>  https://lists.launchpad.net/launchpad-users/threads.html#04962
>>
>
>
> The primary reason I'm raising this issues is speed of launchpad.net.
> When I browse other packages, view their source code, check out the
> revision history, view the bugs, check out the blueprints I don't need
> it to be secured over https. http is good enough.
>
> For each new project on launchpad there is 1 developer (he needs
> https) and potentially 20 users that want to download the
> software.(numbers might very) So 5% of launchpad users at least
> require https, while everybody else (95%) needs http because they want
> their information fast. I think the trade off between speed vs
> security is seen here.
>
> So lets get to the point. You mentioned that setting it up so that
> https is used only if users is logged is a bit tricky vs implementing
> https for all was immediate?  I would think this shouldn't be that
> hard(maybe 2-3 days) so I guess maybe we should start talking how
> should it be setup/ vs what needs to be done?
>
> Is the "logged in user" pages separated enough so that they can be
> accessible only through https(redirected to https based on url) or ?
>


http://bugs.launchpad.net/launchpad/+bug/361739

:)

References

https ? why?
From: Lukasz Szybalski, 2009-04-14
Re: https ? why?
From: Karl Fogel, 2009-04-14
Re: https ? why?
From: Monty Taylor, 2009-04-14
Re: https ? why?
From: Karl Fogel, 2009-04-14
Re: https ? why?
From: Lukasz Szybalski, 2009-04-15