On August 5, 2022 3:30:57 PM AKDT, Peter <peter at pajamian.dhs.org>
wrote:>The main site doesn't currently support https but the repositories do,
also all packages are cryptographically signed and the signing keys are served
off of a secure server.
>
>The info on the site is public information that doesn't really need to
be secure.
>
In which case any actual content on the said site becomes injected with
ultra-persistent linux-targeted adware, spyware, and pop-ups by any given third
party in transit, which craps up my phone and slows down my desktop browser to a
crawl, and then I have to update my adblocker, re-up all my security settings
and fix all the other things that break due to spam malicious advertising on the
internet. Plain old http is simply maddening these days. Leave the front door
wide open for online hustlers and thieves, yeah, some people have bank accounts
or manage actual money on their computers.
I would highly encourage a use of basic https all around: certbot/letsencrypt is
currently free and there are many other low-cost options for https in
conjunction with any given hosting service or platform.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20220805/20a32fbe/attachment.htm>