X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:references
	:mime-version:content-type:in-reply-to; q=dns; s=default; b=a10/
	JTFq8DZDkHc3H6PrlsBUThfluWk5/j+2lnAvzeRfmSZ1ubsDMCu14UOMthukve52
	DZSW5fjbCTdLLCGwiXGHw7C6lcgD2Ujt18Win2YNbKP0rtVfKNB0Fr6N3ptgQgNh
	rj0H9M48OCvDvvzxLDweqEZrmNMUFGRcP+LVb+o=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:references
	:mime-version:content-type:in-reply-to; s=default; bh=gyfU5BifTE
	S8Pl/QX2kCQ9TOADg=; b=Hqaa61ePtw3kvL7U+giwEhyr+QSURsqRIH3HDVQ0ao
	0Lebi3ND4SRI7Alu2xsXNEuyre/FAhNRUOJT/+3E/ThkOmjJPSK0eeywukSDbW+d
	f8n+F7r/ftc6XNf57Zku7mrQxrtz/fTrPIhBDtBvz79IsFohVG8xwhoLT5pAip1W
	0=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.1 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=adam, canonical, HTTPS, captured
X-HELO: mail-wm0-f65.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20130820;        h=x-gm-message-state:date:from:to:subject:message-id:references         :mime-version:content-disposition:in-reply-to:user-agent;        bh=rrRZjkWtc4xkNM8EqteDcUdJZ4bNMU53q4LuYHOKidw=;        b=bGfMPH42AkVb6vWnctq8HmYKVA0ShFCndmjGJ0eM+ox1n5RkoVe4C2SfhNGQAtnOrk         YwWgZA9oCHwS+i6LDJpyHILtyNLz342vqZrUzeBeFbZfg0YqvbhK7ZQ41LT/SjyMpI6k         FEj9Q8EMe//bj0K4we8ED8Kv7QOFU8RQieA2sKJOXMeU0mJmpmz1KyH7O8lFYVuYuel3         iVT0VorEQFvsov+FwT8MOOB/kg2h4CjLyfDQHDY3XTs49QhX5+JQnP1j2A/DKrzyIRg9         ELnby3WVTerY+7MgzG+z+dbN4r/jHc2+ge3oo5sLZVRwAuoDISwIi5iVkPb+zYUmsw9M         FwRA==
X-Gm-Message-State: AOPr4FUuTxQUgJV+DrHtJ2PRntojcE8j8bPciJukV/KMRPAt018ndSHaZOvxqwnn2Ox70g==
X-Received: by 10.28.171.8 with SMTP id u8mr11489457wme.97.1461588216852;        Mon, 25 Apr 2016 05:43:36 -0700 (PDT)
Date: Mon, 25 Apr 2016 13:43:32 +0100
From: Adam Dinwoodie <adam AT dinwoodie DOT org>
To: cygwin AT cygwin DOT com
Subject: Re: Proposed patch for web site: update most links to HTTPS
Message-ID: <20160425124332.GO2345@dinwoodie.org>
References: <BL2PR03MB228A4FE7B2CCA51E5FF5163DF610 AT BL2PR03MB228 DOT namprd03 DOT prod DOT outlook DOT com> <1074467721 DOT 20160425030008 AT yandex DOT ru> <BL2PR03MB22817533DCF96CD385BD883DF620 AT BL2PR03MB228 DOT namprd03 DOT prod DOT outlook DOT com> <48360918 DOT 20160425084918 AT yandex DOT ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <48360918.20160425084918@yandex.ru>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-IsSubscribed: yes

On Mon, Apr 25, 2016 at 08:49:18AM +0300, Andrey Repin wrote:
> Greetings, Brian Clifton!
> > -----Original Message-----
> > From: Andrey Repin
> >> Greetings, Brian Clifton!
> >
> >>> Hi folks,
> >
> >>> I have a proposed change for the web site. This patch (see below) will 
> >>> update most of the urls to HTTPS. In many cases there was a redirect; 
> >>> for those I captured the new canonical address.
> >
> >> Please no.
> 
> 
> > Can you please elaborate on why? I'm confused on why you prefer that Cygwin
> > links users to non-secure versions of pages? (which in many cases will be
> > redirected anyways).
> 
> I prefer it not forcing either, and only force secure connection, when absolutely
> necessary. I.e. when downloading the setup binary.
> 
> > Links which ONLY work on http *have not* been changed and there are no other
> > changes in this patch.
> 
> Secure connections been painfully slow and just annoying, when all you need is
> a quick glance at the documentation.
> All internal links must be relative to the domain and not force either
> protocol or the domain name.

Secure connections historically had a high overhead, sure, but that's
very rarely the case nowadays.  Certainly my experince of loading the
Cygwin web page is that there's no perceptible difference between the
http and https versions.  Adam Langley (a senior engineer at Google)
wrote an article back in 2010 about how TLS is now computationally
cheap[0]; it's only gotten cheaper since.

[0]: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

See also https://istlsfastyet.com/, which has a lot of discussion about
the impacts of TLS, but the short answer is "yes".

At the very least, the Cygwin website should be using protocol-
independent links, meaning users accessing the website using https
aren't switched to http when they click on a link (i.e. link to
"//cygwin.com/path/to/page" rather than "https://cygwin.com/..." or
"http://cygwin.com/...").  But I agree with Brian: the Cygwin website
should use https everywhere unless there's some good, specific reason
why it's a bad idea.  And "TLS is slow" hasn't been a good reason for
years.

Adam

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple