Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:53698
Return-Path: <j.boggiano@seld.be>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 2346 invoked from network); 30 Jun 2011 10:06:59 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 30 Jun 2011 10:06:59 -0000
Authentication-Results: pb1.pair.com smtp.mail=j.boggiano@seld.be; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=j.boggiano@seld.be; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain seld.be designates 74.125.82.170 as permitted sender)
X-PHP-List-Original-Sender: j.boggiano@seld.be
X-Host-Fingerprint: 74.125.82.170 mail-wy0-f170.google.com  
Received: from [74.125.82.170] ([74.125.82.170:46119] helo=mail-wy0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 10/34-10401-0CA4C0E4 for <internals@lists.php.net>; Thu, 30 Jun 2011 06:06:58 -0400
Received: by wyf22 with SMTP id 22so1633772wyf.29
        for <internals@lists.php.net>; Thu, 30 Jun 2011 03:06:53 -0700 (PDT)
Received: by 10.227.32.76 with SMTP id b12mr1638538wbd.45.1309428413033;
        Thu, 30 Jun 2011 03:06:53 -0700 (PDT)
Received: from [192.168.1.7] (42-104.192-178.cust.bluewin.ch [178.192.104.42])
        by mx.google.com with ESMTPS id ex2sm1507664wbb.48.2011.06.30.03.06.52
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 30 Jun 2011 03:06:52 -0700 (PDT)
Message-ID: <4E0C4AC0.9080908@seld.be>
Date: Thu, 30 Jun 2011 12:06:56 +0200
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6
MIME-Version: 1.0
To: internals@lists.php.net
References: <BANLkTinXb2LgJbZ9M26L1EpsJyz=7GVzOQ@mail.gmail.com> <20A27898-B6FD-4F72-A837-547BDFD8123D@bitextender.com>
In-Reply-To: <20A27898-B6FD-4F72-A837-547BDFD8123D@bitextender.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] bugs.php.net status and plan(s)
From: j.boggiano@seld.be (Jordi Boggiano)

On 30.06.2011 07:11, David Zülke wrote:
> May I suggest that the interface doesn't redirect to https:// by default? http:// plays much nicer with proxies, and browsers cache resources to disk, which is helpful not only on slow connections :)

Newish browsers do cache to disk if the Cache-Control header has the
"public" directive in it.

> The bug report form and anything else that transmits a password or similar could of course still be done via https://.

What about session cookies? Full-https is the only safe thing really.

Cheers

-- 
Jordi Boggiano
@seldaek - http://nelm.io/jordi