[onerng talk] Suggestion: HTTPS for onerng.info?

[Jim Cheetham]

Thanks for noticing that; when this was first set up, there was no option
for HTTPS. It would indeed be better from at least a privacy perspective to
make the main site secure. I'll have a look through the documentation and
see how to get this done.

The important files that are available for download are served directly
from the github repository over HTTPS already, rather than being on the
website. It's possible to attack/mitm the site and change the checksums and
links, which isn't perfect of course.

Ultimately, we have to trust github themselves to deliver the correct
content. I may look at diversifying and having the repositories stored in
multiple separate services, not that I expect anyone to actually reconcile
them in practice, but it's something we can do that is a technically valid
way to reduce risk.

-jim

On Thu, Aug 30, 2018 at 1:32 AM redneonglow <danq at runbox.com> wrote:

> OneRNG <http://lists.onerng.info>
>
> [image: Photo of redneonglow]
> <http://lists.onerng.info/p/5WyWhAPfbmR938To1KBro7>
> *Suggestion: HTTPS for onerng.info?*
> <http://lists.onerng.info/r/topic/5bwvc89kiTJQ8zbacsYm8L>
> by *redneonglow* <http://lists.onerng.info/p/5WyWhAPfbmR938To1KBro7>
> in *OneRNG Talk* <http://lists.onerng.info/groups/onerng-talk>
> ------------------------------
> I found this:
>
> https://*help.github.com*
> ​/articles​/securing​-your​-github​-pages​-site​-with​-https​/
> <https://help.github.com/articles/securing-your-github-pages-site-with-https/>
> ------------------------------
> ⮪ Reply
> <onerng-talk at lists.onerng.info?subject=Re%3A%20Suggestion%3A%20HTTPS%20for%20onerng.info%3F>
>   🖂 New topic <onerng-talk at lists.onerng.info>   View topic…
> <http://lists.onerng.info/r/topic/5bwvc89kiTJQ8zbacsYm8L>
> Unsubscribe
> <onerng-talk at lists.onerng.info?subject=Unsubscribe&body=Hello%2C%0A%0APlease%20remove%20me%20from%20OneRNG%20Talk%0A%3Chttp%3A//lists.onerng.info/groups/onerng-talk%3E%0A%0AThank%20you.>
>  •  Switch to a daily digest
> <onerng-talk at lists.onerng.info?subject=Digest%20on&body=Hello%2C%0A%0APlease%20switch%20me%20from%20receiving%20one%20email%20per%20post%20to%20the%20daily%0Adigest%2C%20which%20summarises%20the%20all%20the%20posts%20made%20each%20day%20in%0AOneRNG%20Talk%0A%3Chttp%3A//lists.onerng.info/groups/onerng-talk%3E%0A%0AThank%20you.>
>
>    - Privacy <http://lists.onerng.info/policies/privacy/>
>    - Acceptable Use <http://lists.onerng.info/policies/aup/>
>    - Terms of Service <http://lists.onerng.info/policies/tos/>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20180830/e93f3345/attachment.html>