[Lazarus] https website for Lazarus

Shaun O'Connor capricorn8159 at gmail.com
Mon Mar 13 18:27:38 CET 2017


in light of recent disclosures i would  not be too optimistic about 
https at this point in time since if an endpoint is compromised https 
will offer no real meaningfull protection in some cases. however having 
said that at least there is some degree of protection against compromise 
of data.


On 13/03/2017 17:08, Tony Whyman via Lazarus wrote:
> Has anyone thought about supporting https on the Lazarus (and Free 
> Pascal) websites? Firefox, for example, is getting increasingly sniffy 
> about unprotected websites and for good reason.
>
> It would also be useful to protect the svn feeds, if only to reduce 
> the risk of a man in the middle attack sneaking something nasty into 
> the source code.
>
> Let's encrypt (https://letsencrypt.org/) seems to offer a very good 
> free service for https certificates where the objective is to protect 
> the connection and give reasonable confidence  that you are talking to 
> the named website, so there does not seem to be a cost reason why 
> https is not supported.
>
> Tony Whyman
>
> MWA
>



More information about the Lazarus mailing list