Forced HTTPS on web site

Sorry, it is me again with yet another improvement idea: Currently redirects non-https URLs to https, resulting in a
certificate warning because of your self-signed cert. This is scaring
away users rather than inviting them to access your web site. It does
not make a professional impression for one of Linux's most acclaimed
software packages. I do understand that you want to have an encrypted
connection when editing the wiki or administering the page as a logged
in user, but to force read-only access to be https is a bit too much, I
guess. It also creates more client and server load than necessary. Maybe
it would be a good idea to either use a commercial certificate or, if
that is too expensive, continue using the self-signed one, but only to
log in and after you are logged in. Plus, the registration and login
dialogues should show an explanation of why you use https and a how-to
for installing the cert into the most popular browsers (including a
quote of the cert's fingerprint).

It is about making it easy for users again, like in the other threads.
Me personally, I know how to import a cert, but this knowledge should
not be necessary to access your web site without being annoyed by the
warning all the time (e.g. after a browser restart). You want to make
sure to attract users and help them contribute or at least consume, not
scare them away. :-)
Alexander Kriegisch (kriegaex)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]