SEARCH

Enter your search query in the box above ^, or use the forum search tool.

You are not logged in.

#1 2014-07-14 19:41:10

Osaka
New Member
Registered: 2014-07-14
Posts: 3

Sitewide SSL encryption

Just an observation, I feel it would be wise to enable SSL for the entire site. This would provide confidence to users that this is the official site and that nothing has been tampered with, such as MD5 hash, etc.

Osaka

Offline

Help fund CrunchBang, donate to the project!

#2 2014-07-17 10:09:55

Osaka
New Member
Registered: 2014-07-14
Posts: 3

Re: Sitewide SSL encryption

Okay.. no interest.

You do understand that every time you login to this forum you transmit your password in plain text?
That no one can be 100% sure that the distribution they get has not been tampered with?

Offline

#3 2014-07-17 11:04:44

iMBeCil
WAAAT?
From: Edrychwch o'ch cwmpas
Registered: 2012-03-22
Posts: 1,018
Website

Re: Sitewide SSL encryption

Osaka wrote:

Okay.. no interest.

You do understand that every time you login to this forum you transmit your password in plain text?
That no one can be 100% sure that the distribution they get has not been tampered with?

TBH, I did notice your post, but in my opinion, (for example) stealing my password and my account here wouldn't do much harm to me, to #! and/or #! community. Therefore, using SSL is (might be) an overkill ...

I mean, I'm (obviously) using a nick, and not my real name; discussions are often rather relaxed ... Certainly, I wouldn't give this link to this forum in my CV?!? So, why this 'paranoid-like' request?

(Note: this is my opinion, but I might be wrong.)


Postpone all your duties; if you die, you won't have to do them ..

Offline

#4 2014-07-17 17:16:17

Osaka
New Member
Registered: 2014-07-14
Posts: 3

Re: Sitewide SSL encryption

a) Many people use the same password and user name on multiple accounts, we all know we should not be do.
b) Any news or security messages can not be verified.
c) There is no way to verify the distribution you're installing is the real one. - Yes you have the MD5 and the SHA in the ISO.

I don't think that SSL is a paranoid request, just reassurance to existing users and potential users that the maintainers of #! care about user security.

Offline

#5 2014-08-17 12:08:27

dagufri
Member
From: The Netherlands
Registered: 2013-08-09
Posts: 17

Re: Sitewide SSL encryption

Agreed Osaka, no reason not to enable SSL. I would guess that it is just a matter of that someone needs to get this done on their free time, which is limited.

Offline

#6 2014-08-17 15:09:12

Anaconda
crypto-anarchist
From: Vancouver Canada
Registered: 2008-12-04
Posts: 425

Re: Sitewide SSL encryption

Osaka wrote:

a) Many people use the same password and user name on multiple accounts

This is true, and some of them are using wifi that some nefarious person might be sniffing. I see no reason not to use https by default on this site to protect them. It's not a big issue in my opinion but still worth doing.

Also there's this now from Google. So it could help CrunchBang in the long run.


“The university is well structured, well tooled, to turn out people with all the sharp edges worn off...." Mario Savio
"Protections for anonymous speech are vital to democratic discourse". Help enforce our right to free and anonymous speech by taking the Tor challenge.

Offline

#7 2014-08-17 22:27:58

ratcheer
#! Junkie
From: central Alabama
Registered: 2013-07-23
Posts: 329

Re: Sitewide SSL encryption

I would like this site to be SSL encrypted just as I think every good web site should be.

Tim

Offline

#8 2014-08-19 15:09:59

Alad
Software Satan
Registered: 2014-02-20
Posts: 1,512

Re: Sitewide SSL encryption

I see no reason not to use https by default on this site to protect them. It's not a big issue in my opinion but still worth doing.

Therefore, using SSL is (might be) an overkill ...

http://www.troyhunt.com/2011/01/why-you … could.html

Offline

#9 2014-08-19 16:17:11

dot|not
#! Junkie
From: /dev/null
Registered: 2013-09-05
Posts: 371

Re: Sitewide SSL encryption

It's easy to implement, doesn't cost a dime and greatly improves security. Plus: We don't want to end up here.

Offline

#10 2014-08-25 09:16:35

dot|not
#! Junkie
From: /dev/null
Registered: 2013-09-05
Posts: 371

Re: Sitewide SSL encryption

Bump!

Any comment from the administration?

Offline

#11 2014-08-25 13:09:33

linuxreign
#! Junkie
From: Panama
Registered: 2011-09-05
Posts: 254

Re: Sitewide SSL encryption

+1 call me paranoid but we should have SSL Encryption....


Linux Registered User 445731

Offline

#12 2014-08-26 05:15:14

kbmonkey
#! Die Hard
From: South Africa
Registered: 2011-01-14
Posts: 879
Website

Re: Sitewide SSL encryption

I agree with site wide SSL to the extent that it is good practice. Encryption is a solution for dealing with personal information like accounts or banking, and if you are going to be posting that kind of information on a public forum, you have bigger problems to worry about.

That said, if you want SSL to login you could look at setting up a rule using HTTPS Everywhere

Offline

#13 2014-08-26 05:58:33

Alad
Software Satan
Registered: 2014-02-20
Posts: 1,512

Re: Sitewide SSL encryption

^ Rehashing the same old "that kind of information" argument ? Read a few posts up. And HTTPS everywhere doesn't work with this site:

https://crunchbang.org wrote:

Website is not available

Last edited by Alad (2014-08-26 05:59:03)

Offline

#14 2014-08-28 21:51:53

andoru
#! Junkie
Registered: 2014-02-23
Posts: 328

Re: Sitewide SSL encryption

+1


I support Universal Basic Income, and so should you, here's why. Another reason why.
Commonly asked questions about UBI
Spread the word!

Offline

#15 2014-08-30 20:44:17

dot|not
#! Junkie
From: /dev/null
Registered: 2013-09-05
Posts: 371

Re: Sitewide SSL encryption

.. still no comment?

Offline

#16 2014-08-30 20:58:19

Alad
Software Satan
Registered: 2014-02-20
Posts: 1,512

Re: Sitewide SSL encryption

^ Maybe after we get the user titles below the avatar  monkey  ops

Last edited by Alad (2014-08-30 20:58:57)

Offline

#17 2014-09-07 09:14:17

dot|not
#! Junkie
From: /dev/null
Registered: 2013-09-05
Posts: 371

Re: Sitewide SSL encryption

A week later - another bump. Could we at least get a comment on that matter?

Offline

#18 2014-09-07 10:37:46

Head_on_a_Stick
CatMod
From: A world of pure imagination
Registered: 2014-01-21
Posts: 4,568

Re: Sitewide SSL encryption

@dot|not -- I know @bobobex has been around on the forums recently (she closed a rude thread), so I don't think you'll be getting a reply here...
hmm
Maybe PM @corenomial?

Online

#19 2014-09-14 14:50:25

dot|not
#! Junkie
From: /dev/null
Registered: 2013-09-05
Posts: 371

Re: Sitewide SSL encryption

Head_on_a_Stick wrote:

@dot|not -- I know @bobobex has been around on the forums recently (she closed a rude thread), so I don't think you'll be getting a reply here...
hmm
Maybe PM @corenomial?

Of course I could PM corenominal (even though I doubt that I'd get an answer). But I'd rather have a public statement, even if it's a negative one, on that subject. Thus: BUMP!

Offline

#20 2014-09-14 14:59:37

exidux
#! CrunchBanger
From: Your screen.
Registered: 2014-09-05
Posts: 202
Website

Re: Sitewide SSL encryption

anything with a password should actually consider it...


~ When jessie hits stable you could upgrade crunchbang and keep it alive a bit longer.

Offline

#21 2014-09-15 18:45:55

zubcho81
#! CrunchBanger
From: Sofia, Bulgaria
Registered: 2012-08-12
Posts: 209

Re: Sitewide SSL encryption

+1 for SSL


Dried frog pills
As their name suggests, these are pills made chiefly from frogs, specifically the extremely poisonous ones that live in the vivarium at Unseen University and handled by the first-year students, so that if they kill one of them, not too much education has been wasted.

I use them daily! tongue

Offline

#22 2014-11-18 10:56:33

dot|not
#! Junkie
From: /dev/null
Registered: 2013-09-05
Posts: 371

Re: Sitewide SSL encryption

Two months later, another bump. Is there even a remote chance that we will ever see SSL/TLS-connectivity for the site, the forums and the repositories? Or at least a damn comment, even if it's a "No."?

Offline

#23 2014-11-18 11:01:11

chillicampari
Pinball Wizard
Registered: 2009-10-09
Posts: 2,728

Re: Sitewide SSL encryption

It's not for me to answer, but I escalated it.

Offline

#24 2014-11-18 11:03:50

dot|not
#! Junkie
From: /dev/null
Registered: 2013-09-05
Posts: 371

Re: Sitewide SSL encryption

Thanks for escalating it. (And sorry for the tone, but it's really annoying that there is total silence from 'up there'.)

Offline

Help fund CrunchBang, donate to the project!

#25 2014-11-18 11:18:43

chillicampari
Pinball Wizard
Registered: 2009-10-09
Posts: 2,728

Re: Sitewide SSL encryption

I totally understand and no worries on tone.

Offline

Board footer

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.

Debian Logo