[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: hosting lua.org
- From: Rob Kendrick <rjek@...>
- Date: Wed, 23 Aug 2023 08:50:12 +0100
On Tue, Aug 22, 2023 at 09:44:30PM +0000, Paul Ducklin wrote:
> The lua-users.org content needs to become a proper HTTPS site with no inept-looking certificate error when anyone with a browser built within the last few years tries to visit it securely.
Your browser is buggy, or your links to the site are wrong. Yes, it
would be nice if it had HTTPS, but if you see an error it is absolutely
not the site's fault. No browser should be assuming HTTPS unless an
HSTS header has been set, which it won't have.
> Proper HTTPS on a web server should be considered as unarguable as banning smoking in the workplace, and failing to provide it by default for your users can be considered as disrespectful and as reckless as not wearing your seatbelt when in the rear seats of an automobile. (You wear rear seatbelts to protect the person in front of you from being smashed to pieces by the momentum of your head and body in the event of a crash, even if you couldn’t care less what happens to you.)
I'm not sure this metaphore holds, but the lack of HTTPS on
lua-users.org is absolutely nothing to do with the web hosting provided,
but a decision made by the owner of that website (which is neither me
nor the Lua team.)
B.