Activate https server support in 21.02 by default

Alberto Bursi bobafetthotmail at gmail.com
Sat May 15 12:59:50 PDT 2021



On 14/05/21 10:58, Petr Štetiar wrote:
> Fernando Frediani <fhfrediani at gmail.com> [2021-05-11 20:13:18]:
> 
> Hi,
> 
>> I am no sure https support should still be something by default in the
>> images as it's not something really essential
> 
> to me it's like discussion about telnet versus SSH. (Puting aside, that one
> shouldn't be using password at all) If it's fine with you to send your root
> password over telnet, then SSH is not essential, I agree.
> 
> FYI HTTPS wouldn't be enabled by default, it would be *available* by default,
> giving users of default release images choice for management of their devices
> over HTTPS, by doing so *explicitly*.
> 
> OpenWrt has quite huge community, so I hope, that having HTTPS available in
> default images would bring the currently horrible UX of self-signed
> certificates to wider audience which in turn might foster improvements.
> 
> -- ynezz
> 

I quite frankly don't understand and don't like half-measures like this.
It accomplishes... more harm than good.
Most end users won't even notice a difference, apart from the less free 
space.
I think most people that know and look for https will also be able to 
install a couple packages (or even use imagebuilder and whatnot), and 
that's what they have been doing for the last few years.
This is not something that requires a kernel recompile or something, so 
why adding it do default package list and leave it disabled.

Plus of course you get people that don't want https for some strange 
reason and will not like you adding "bloat".

I'm personally in the "encrypt all the things" camp. I fully support a 
switch to https only.

But it should be a default, not a "let's add stuff people might want to 
enable later". Either all in or all out.

-Alberto



More information about the openwrt-devel mailing list