[Lazarus] https website for Lazarus
capricorn8159 at gmail.com
Mon Mar 13 18:27:38 CET 2017
in light of recent disclosures i would not be too optimistic about
https at this point in time since if an endpoint is compromised https
will offer no real meaningfull protection in some cases. however having
said that at least there is some degree of protection against compromise
On 13/03/2017 17:08, Tony Whyman via Lazarus wrote:
> Has anyone thought about supporting https on the Lazarus (and Free
> Pascal) websites? Firefox, for example, is getting increasingly sniffy
> about unprotected websites and for good reason.
> It would also be useful to protect the svn feeds, if only to reduce
> the risk of a man in the middle attack sneaking something nasty into
> the source code.
> Let's encrypt (https://letsencrypt.org/) seems to offer a very good
> free service for https certificates where the objective is to protect
> the connection and give reasonable confidence that you are talking to
> the named website, so there does not seem to be a cost reason why
> https is not supported.
> Tony Whyman
More information about the Lazarus