[sword-devel] Mailing list archives are insecure!

Nathan Phillip Brink ohnobinki at ohnopublishing.net
Fri May 2 15:01:40 EDT 2025 

It is true that it would be nice if the footer on the mailing list could 
be updated to show an HTTPS URI instead of an HTTP one. Then users would 
get a little bit of protection if they follow the links while using a 
public hotspot. Is that possible?


On 2025-05-02 14:51, Greg Hellings wrote:
> There is nothing insecure about it. We allow both HTTP and HTTPS 
> connections.
>
> If you use the incorrect hostname over HTTPS you get an invalid cert, 
> because the hostname you told the browser to use does not match the 
> cert. The solution is to use the correct hostname.
>
> If you use HTTP some browsers give a warning that they don't like 
> HTTP. The solution is to either ignore it because that's silly, or use 
> HTTPS (correctly).
>
> The server and browser both respond appropriately to what is, at the 
> base case, a user error.
>
> --Greg
>
> On Fri, May 2, 2025, 1:44 PM David Haslam <dfhdfh at protonmail.com> wrote:
>
>     It remains the case that the list archive / server
>     <http://crosswire.org/mailman/listinfo/sword-devel> has an
>     insecure connection that uses only HTTP.
>
>     We should upgrade it ASAP to use HTTPS to avoid all the Browser
>     Warnings!
>
>     It's 2025 now. Nobody nowadays should still be using HTTP.
>
>     With all the kerfuffle/hilarity about my use of *Leo*, we seem to
>     have lost sight of the main point!
>
>     Best regards,
>
>     David
>
>     Sent with Proton Mail <https://pr.tn/ref/SWXT9A5YZ67G> secure email.
>
>     On Friday, May 2nd, 2025 at 6:27 PM, DM Smith
>     <dmsmith at crosswire.org> wrote:
>>     Fair enough of a disclaimer.
>>
>>>     On May 2, 2025, at 10:39 AM, Nathan Phillip Brink
>>>     <ohnobinki at ohnopublishing.net> wrote:
>>>
>>>     I think Leo clearly enough said that he doesn't know the actual
>>>     URI but that if this organization followed a common pattern,
>>>     they might have chosen that URI. I don't think that's a
>>>     hallucination, but I don't know the jargon.
>>>
>>>     On 2025-05-02 9:18:05 GMT-05:00, DM Smith <dmsmith at crosswire.org>:
>>>>     Leo is hallucinating. This is a well known problem of GPT agents.
>>>>
>>>>>     On May 2, 2025, at 8:13 AM, David Haslam
>>>>>     <dfhdfh at protonmail.com> wrote:
>>>>>
>>>>>     Hi Troy,
>>>>>
>>>>>     That's a curious question!
>>>>>
>>>>>     Me: What is pipermail?
>>>>>
>>>>>     Leo: Based on the search results, **pipermail** appears to be
>>>>>     a term related to electronic mailing lists, specifically the
>>>>>     archives of mailing lists managed by the GNU Mailman software.
>>>>>
>>>>>     According to Wikipedia, GNU Mailman is a computer software
>>>>>     application for managing electronic mailing lists, and
>>>>>     pipermail is likely a part of this system. It seems that
>>>>>     pipermail is used to access and browse the archives of mailing
>>>>>     lists.
>>>>>
>>>>>     If you're looking for more information on pipermail, I can try
>>>>>     to help you further.
>>>>>
>>>>>     Me: What is the URL for the archive of the CrossWire Bible
>>>>>     Society's mailing list called sword-devel ?
>>>>>
>>>>>     Leo: The URL for the archive of the CrossWire Bible Society's
>>>>>     mailing list called sword-devel is not explicitly mentioned in
>>>>>     the search results you provided. However, based on the
>>>>>     context, it appears to be related to email list archives or
>>>>>     mailing list management systems.
>>>>>
>>>>>     From the search results, it seems that the `pipermail` term is
>>>>>     related to email list archives, specifically the archives of
>>>>>     mailing lists managed by the GNU Mailman software.
>>>>>
>>>>>     Given this information, it is possible that the URL for the
>>>>>     archive of the CrossWire Bible Society's mailing list called
>>>>>     sword-devel is in the format of
>>>>>     `https://lists.crosswire.org/pipermail/sword-devel/`
>>>>>     <https://lists.crosswire.org/pipermail/sword-devel/> or
>>>>>     something similar.
>>>>>
>>>>>     Aside: Leo is the AI agent in the Brave browser.
>>>>>
>>>>>     So, now you know how I found it, is there something amiss with
>>>>>     the aforementioned hostname?
>>>>>     I don't recall seeing it before, but, hey!
>>>>>
>>>>>     Best regards,
>>>>>
>>>>>     David
>>>>>
>>>>>     Sent with Proton Mail <https://pr.tn/ref/SWXT9A5YZ67G> secure
>>>>>     email.
>>>>>
>>>>>     On Friday, May 2nd, 2025 at 1:03 PM, Troy A. Griffitts
>>>>>     <scribe at crosswire.org> wrote:
>>>>>>     Don't use 'lists' dotcrosswire.org <http://crosswire.org/>.
>>>>>>     Where did you find that hostname? We have a catchall, so you
>>>>>>     can
>>>>>>     sayhttps://bettyboop.crosswire.org<https://bettyboop.crosswire.org/>
>>>>>>     if you want, but the certificate won't be value for that domain.
>>>>>>
>>>>>>     On 5/2/25 6:46 AM, David Haslam wrote:
>>>>>>>     If you visit
>>>>>>>     (eg)https://lists.crosswire.org/pipermail/sword-devel/
>>>>>>>
>>>>>>>     The first thing you notice is a Browser Warning that the URL
>>>>>>>     is insecure.
>>>>>>>     The https connection falls back to insecure http
>>>>>>>
>>>>>>>     Please would someone with access to our server make the
>>>>>>>     necessary changes for our list archives.
>>>>>>>
>>>>>>>
>>>>>>>     Best regards,
>>>>>>>
>>>>>>>     David
>>>>>>>
>>>>>>>     Sent with Proton Mail <https://pr.tn/ref/SWXT9A5YZ67G>
>>>>>>>     secure email.
>>>>>>>
>>>>>>>
>>>>>>>     _______________________________________________
>>>>>>>     sword-devel mailing
>>>>>>>     list:sword-devel at crosswire.org<mailto:sword-devel at crosswire.org
>>>>>>>     <mailto:sword-devel at crosswire.org>>
>>>>>>>     http://crosswire.org/mailman/listinfo/sword-devel
>>>>>>>     Instructions to unsubscribe/change your settings at above page
>>>>>
>>>>>     _______________________________________________
>>>>>     sword-devel mailing list: sword-devel at crosswire.org
>>>>>     http://crosswire.org/mailman/listinfo/sword-devel
>>>>>     Instructions to unsubscribe/change your settings at above page
>>>>
>>>     _______________________________________________
>>>     sword-devel mailing list: sword-devel at crosswire.org
>>>     http://crosswire.org/mailman/listinfo/sword-devel
>>>     Instructions to unsubscribe/change your settings at above page
>>
>
>     _______________________________________________
>     sword-devel mailing list: sword-devel at crosswire.org
>     http://crosswire.org/mailman/listinfo/sword-devel
>     Instructions to unsubscribe/change your settings at above page
>
>
> _______________________________________________
> sword-devel mailing list:sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/sword-devel/attachments/20250502/4ffc335f/attachment-0001.htm>

More information about the sword-devel mailing list