>
> On Mon, Aug 22, 2016 at 6:49 PM, Maxim Konovalov <maxim@nginx.com> wrote:
> On 8/22/16 7:41 PM, B.R. wrote:
> > In 2016, stating that content served over HTTP is 'secure' blows my
> > mind and kills your credibility.
> >
> Who did that? What's his name?
>
Someone named 'Maxim Konovalov'. Sounds familiar?
See below:
On Mon, Aug 22, 2016 at 5:44 PM, Maxim Konovalov <maxim@nginx.com> wrote:
> On 8/22/16 6:40 PM, Richard Stanway wrote:
> > 1. You could provide insecure.nginx.org http://insecure.nginx.org
> > mirror for such people, make nginx.org http://nginx.org secure by
> > default.
> >
> No, thanks. It is secure by default and HTTPS by default doesn't
> add any value.
>
---
On Mon, Aug 22, 2016 at 7:30 PM, Maxim Konovalov <maxim@nginx.com> wrote:
> On 8/22/16 8:23 PM, Richard Stanway wrote:
> > See https://nginx.org/en/linux_packages.html#stable
> >
> > PGP key links are hard coded to http URLs:
> [...]
> > Please download <a href="http://nginx.org/keys/nginx_signing.key">this
> > key</a>
> [...]
> Yes, I see. It should be fixed. Thanks.
>
Not from my side: I still see HTTP links on the following webpage:
nginx.org/en/linux_packages.html, both in the HTTP & HTTPS versions (2
'this key' links, 1 'nginx signing key').
Also true for keys delivered on http://nginx.org/en/pgp_keys.html. There
might be some other places, though.
---
*B. R.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx