This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Proposed patch for web site: update most links to HTTPS
- From: Andrey Repin <anrdaemon at yandex dot ru>
- To: Adam Dinwoodie <adam at dinwoodie dot org>, cygwin at cygwin dot com
- Date: Mon, 25 Apr 2016 16:05:17 +0300
- Subject: Re: Proposed patch for web site: update most links to HTTPS
- Authentication-results: sourceware.org; auth=none
- References: <BL2PR03MB228A4FE7B2CCA51E5FF5163DF610 at BL2PR03MB228 dot namprd03 dot prod dot outlook dot com> <1074467721 dot 20160425030008 at yandex dot ru> <BL2PR03MB22817533DCF96CD385BD883DF620 at BL2PR03MB228 dot namprd03 dot prod dot outlook dot com> <48360918 dot 20160425084918 at yandex dot ru> <20160425124332 dot GO2345 at dinwoodie dot org>
- Reply-to: cygwin at cygwin dot com
Greetings, Adam Dinwoodie!
> Secure connections historically had a high overhead, sure, but that's
> very rarely the case nowadays. Certainly my experince of loading the
> Cygwin web page is that there's no perceptible difference between the
> http and https versions. Adam Langley (a senior engineer at Google)
> wrote an article back in 2010 about how TLS is now computationally
> cheap[0]; it's only gotten cheaper since.
Typical marketing bullshit.
> [0]: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
> See also https://istlsfastyet.com/, which has a lot of discussion about
> the impacts of TLS, but the short answer is "yes".
If YOUR experience was positive, mine was always negative, especially with
cygwin.com, down to being forced to switch to plain HTTP to even load any
page.
> At the very least, the Cygwin website should be using protocol-
> independent links, meaning users accessing the website using https
> aren't switched to http when they click on a link
That was my point, exactly.
> (i.e. link to
> "//cygwin.com/path/to/page" rather than "https://cygwin.com/..." or
> "http://cygwin.com/...").
Just /path/to/page is enough. Even necessary considering cygwin.com is
multi-domain site.
> But I agree with Brian: the Cygwin website should use https everywhere
> unless there's some good, specific reason why it's a bad idea. And "TLS is
> slow" hasn't been a good reason for years.
See above.
--
With best regards,
Andrey Repin
Monday, April 25, 2016 16:01:59
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple