20.xx: postponse LuCI HTTPS per default

Petr Štetiar ynezz at true.cz
Fri Nov 20 05:44:14 EST 2020


Paul Spooren <mail at aparcar.org> [2020-11-19 13:09:02]:

Hi,

> while 20.xx seems close, 

I don't share your view on this one, 21.xx is close, yes :-) Just being
realistic here. So I would say, that if this issue should be tackled, there is
still some time left to do so.

> I'd like to suggest to postponse HTTPS LuCI (`luci-ssl` vs `luci`) per
> default.

Do we need to make this hard decission? Can't we leave it to the end users?
We need most of the SSL stuff for other parts, so why not benefit from that in
other parts?

For the start, can't we simply introduce some first time welcome page on HTTP,
explain to the user, that HTTPS is available, the pros and cons of this
solution and let the user decide?

In less intrusive way, this welcome page/wizard could be replaced with some
information box "HTTPS is just a moments away", so the user would need to
explicitly request that HTTPS feature.

There might be some better UX approach, but please try hard to move forward,
not backward :-)

-- ynezz



More information about the openwrt-devel mailing list