Please consider enabling https on trac and forum

[fabio]

At least with a self signed certificate, but google reveals that at least a CA ( ​http://www.godaddy.com/ssl/ssl-open-source.aspx ) gives a 1 year free certificate to open source projects. There were too many security problems involving open source projects recently. Https is just a little step on improving security.

[Philip]

I don't think enabling it on Trac would provide any benefits. The only potentially sensitive information sent to the server is Trac passwords, and that's done with digest authentication so the passwords aren't vulnerable to passive attacks anyway.

[bstempi]

We should at least self-sign or something. I'll take this on as a future enhancement.

[historic_bruno]

Replying to bstempi:

We should at least self-sign or something. I'll take this on as a future enhancement.

Does that mean my browser (Firefox) will show scary warnings when I visit Trac? If so, please don't do that :(

[fabio]

Replying to historic_bruno:

Replying to bstempi:

We should at least self-sign or something. I'll take this on as a future enhancement.

Does that mean my browser (Firefox) will show scary warnings when I visit Trac? If so, please don't do that :(

See the first post: godaddy gives free certs to open source projects.

[Philip]

Free for a year, then seemingly £44/year after that for a single domain. Also it'd most likely need an extra IP address (~€23/year) per domain (at least for the Trac/SVN/etc server, probably not the forums), since SSL is incompatible with virtual hosting. (I did have a self-signed cert on svn.wildfiregames.com for a while, to help people circumvent broken proxies, but got rid of it because it interfered with the virtual hosting.)

[historic_bruno]

Could we use ​StartSSL Free?