[sword-devel] Mailing list archives are insecure!

Fri May 2 14:59:22 EDT 2025

The "insecure" connection message given by browsers is not a claim of
the connection itself being suspect to man-in-the-middle attacks.
Rather, it is a claim that the browser could not verify the validity
of the website domain through authoritative sources. The connection is
nonetheless secure. There's really no need to worry about these
arbitrary subdomains, especially if we're talking about public
archives. It just so happens that a subdomain is considered a separate
domain, and therefore requires its own certificate approved by some
authoritative source. Wild-card certificates would arguably remove
your concerns, but there's really no need for concern to begin with.

On Fri, May 2, 2025 at 2:44 PM David Haslam <dfhdfh at protonmail.com> wrote:
>
> It remains the case that the list archive / server has an insecure connection that uses only HTTP.
>
> We should upgrade it ASAP to use HTTPS to avoid all the Browser Warnings!
>
> It's 2025 now. Nobody nowadays should still be using HTTP.
>
> With all the kerfuffle/hilarity about my use of Leo, we seem to have lost sight of the main point!
>
> Best regards,
>
> David
>
> Sent with Proton Mail secure email.
>
> On Friday, May 2nd, 2025 at 6:27 PM, DM Smith <dmsmith at crosswire.org> wrote:
>
> Fair enough of a disclaimer.
>
> On May 2, 2025, at 10:39 AM, Nathan Phillip Brink <ohnobinki at ohnopublishing.net> wrote:
>
> I think Leo clearly enough said that he doesn't know the actual URI but that if this organization followed a common pattern, they might have chosen that URI. I don't think that's a hallucination, but I don't know the jargon.
>
> On 2025-05-02 9:18:05 GMT-05:00, DM Smith <dmsmith at crosswire.org>:
>
> Leo is hallucinating. This is a well known problem of GPT agents.
>
> On May 2, 2025, at 8:13 AM, David Haslam <dfhdfh at protonmail.com> wrote:
>
> Hi Troy,
>
> That's a curious question!
>
> Me: What is pipermail?
>
> Leo: Based on the search results, **pipermail** appears to be a term related to electronic mailing lists, specifically the archives of mailing lists managed by the GNU Mailman software.
>
> According to Wikipedia, GNU Mailman is a computer software application for managing electronic mailing lists, and pipermail is likely a part of this system. It seems that pipermail is used to access and browse the archives of mailing lists.
>
> If you're looking for more information on pipermail, I can try to help you further.
>
> Me: What is the URL for the archive of the CrossWire Bible Society's mailing list called sword-devel ?
>
> Leo: The URL for the archive of the CrossWire Bible Society's mailing list called sword-devel is not explicitly mentioned in the search results you provided. However, based on the context, it appears to be related to email list archives or mailing list management systems.
>
> From the search results, it seems that the `pipermail` term is related to email list archives, specifically the archives of mailing lists managed by the GNU Mailman software.
>
> Given this information, it is possible that the URL for the archive of the CrossWire Bible Society's mailing list called sword-devel is in the format of `https://lists.crosswire.org/pipermail/sword-devel/` or something similar.
>
> Aside: Leo is the AI agent in the Brave browser.
>
> So, now you know how I found it, is there something amiss with the aforementioned hostname?
> I don't recall seeing it before, but, hey!
>
> Best regards,
>
> David
>
> Sent with Proton Mail <https://pr.tn/ref/SWXT9A5YZ67G> secure email.
>
> On Friday, May 2nd, 2025 at 1:03 PM, Troy A. Griffitts <scribe at crosswire.org> wrote:
>
> Don't use 'lists' dot crosswire.org. Where did you find that hostname? We have a catchall, so you can say https://bettyboop.crosswire.org<https://bettyboop.crosswire.org/> if you want, but the certificate won't be value for that domain.
>
> On 5/2/25 6:46 AM, David Haslam wrote:
>
> If you visit (eg) https://lists.crosswire.org/pipermail/sword-devel/
>
> The first thing you notice is a Browser Warning that the URL is insecure.
> The https connection falls back to insecure http
>
> Please would someone with access to our server make the necessary changes for our list archives.
>
>
> Best regards,
>
> David
>
> Sent with Proton Mail <https://pr.tn/ref/SWXT9A5YZ67G> secure email.
>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org <mailto:sword-devel at crosswire.org>
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page