Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:99991
Return-Path: <lists@rhsoft.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 51137 invoked from network); 21 Jul 2017 08:56:23 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Jul 2017 08:56:23 -0000
Authentication-Results: pb1.pair.com smtp.mail=lists@rhsoft.net; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=lists@rhsoft.net; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain rhsoft.net designates 91.118.73.15 as permitted sender)
X-PHP-List-Original-Sender: lists@rhsoft.net
X-Host-Fingerprint: 91.118.73.15 mail.thelounge.net  
Received: from [91.118.73.15] ([91.118.73.15:21655] helo=mail.thelounge.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 9D/52-02884-4B1C1795 for <internals@lists.php.net>; Fri, 21 Jul 2017 04:56:22 -0400
Received: from srv-rhsoft.rhsoft.net  (Authenticated sender: h.reindl@thelounge.net) by mail.thelounge.net (THELOUNGE MTA) with ESMTPSA id 3xDPkn08VhzXMf
	for <internals@lists.php.net>; Fri, 21 Jul 2017 10:56:16 +0200 (CEST)
To: internals@lists.php.net
References: <CA+aNembkpeU+vTX0dr1r_NuPZkKu4Da2rMTbS3RWk2eSacF_KA@mail.gmail.com>
 <CAESVnVrCndhLSuxZzNp5xqQLp8SC0wGSDAq8cjH+fRew-cCf1g@mail.gmail.com>
 <CANUQDCjB9UY8jTmmp43bQAW_9xJnoMbREN1zOQh1LubTfO4C-w@mail.gmail.com>
 <4B.B1.02884.CAFB1795@pb1.pair.com>
Message-ID: <a02faef6-0c93-d106-04c6-dadfede825db@rhsoft.net>
Date: Fri, 21 Jul 2017 10:56:16 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <4B.B1.02884.CAFB1795@pb1.pair.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: de-CH
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] php.net website
From: lists@rhsoft.net ("lists@rhsoft.net")



Am 21.07.2017 um 10:47 schrieb Tony Marston:
>> We should really change that and fully move to HTTPS.
>>
>> Regards, Niklas
> 
> Why on earth should you need to use HTTPS for a website that does not 
> deal with personal information? Nothing on that website can possibly be 
> classed as "sensitive" so what would be the point?

because in a few months major browsers start with warnings if a 
unencrypted page contains any form not just logins? guess hwat happens 
by the search field on the right top corner?

because HTTPS is also about data integrity?

because currently when you click on the download link and have not 
explicitly called https://secure.php.net/ you land on unencrypted 
download-pages?

because the whole web goes straight to HTTPS?