[Qgis-psc] Encrypting qgis sites

Richard Duivenvoorde richard at duif.net
Sun Nov 15 08:46:38 PST 2015


On 15-11-15 16:37, Tim Sutton wrote:
> Hi
> 
>> On 15 Nov 2015, at 17:16, Paolo Cavallini <cavallini at faunalia.it
>> <mailto:cavallini at faunalia.it>> wrote:
>>
>> Hi all,
>> what is the current state of encryption in our websites?
>> Has someone experience with https://letsencrypt.org/howitworks/ ?
>> Should we go down this route? I have seen some criticism about it, but
>> overall it seems an improvement over the usual approach.
> 
> I’ve been watching it from the side lines - last I checked the certs
> were not available for general consumption - maybe that is changed now…
> 
> I think in principle we should encrypt everything we possibly can….

I renewed our (free) certificate some months ago, and put it on our servers.

We only do https for hub.qgis.org and plugin.qgis.org login at the moment.

Not sure if we should/could encrypt everything. Already now sites are
pretty slow. I think encrypting all would even ask more resources.
Not sure what the benefit is of encrypting the documentation traffic though.

One of the plans is to use (at least for qgis.org and docs.qgis.org ==
static stuff) to start useing cloudflare. Only need time or someone to
set this up.

Regards,

Richard Duivenvoorde




More information about the Qgis-psc mailing list