I think it's time we made everything on code4lib.org use HTTPS by default
and redirect people to HTTPS from HTTP when needed. (Right now there's an
outdated self-signed SSL certificate on the site, so someone took a stab
at this earlier, but it's time to do it right.)
StartCom gives free SSL certs [0], and there are lots of places that sell
them for prices that seem to run over $100 per year (which seems
ridiculous to me, but maybe there's a good reason).
I don't know which is the best way to get a cert for a site like this, but
if people agree this is the right thing to do, perhaps someone with some
expertise could work with the Oregon State hosts?
More broadly, I think everyone should be using HTTPS everywhere (and HTTPS
Everywhere, the browser extension). Are any of you implementing HTTPS on
your institution's sites, and moving to it as default? It's one of those
slightly finicky things that on the surface isn't necessary (why bother
with a library's opening hours or address?) but deeper down is, because
everyone should be able to browse the web without being monitored.
Bill
[0] https://cert.startcom.org/
--
William Denton
Toronto, Canada
http://www.miskatonic.org/
|