[sword-devel] Mailing list archives are insecure!

Greg Hellings greg.hellings at gmail.com
Fri May 2 15:12:55 EDT 2025 

Is your concern about this because of the HTTPS errors? Or is your concern
that the archives are public?

If the former, then you are seeing a proper error message for a user error.

If the latter, this is a public list. It's archives have always been public
and do not require a login.

--Greg

On Fri, May 2, 2025, 2:01 PM David Haslam <dfhdfh at protonmail.com> wrote:

> So are you saying that nobody at CrossWire cares a diddly squat that
> strangers can connect straight to the archives without having to login via
> a secure connection?
>
> Best regards,
>
> David
>
> Sent with Proton Mail <https://pr.tn/ref/SWXT9A5YZ67G> secure email.
>
> On Friday, May 2nd, 2025 at 7:51 PM, Greg Hellings <
> greg.hellings at gmail.com> wrote:
>
> There is nothing insecure about it. We allow both HTTP and HTTPS
> connections.
>
> If you use the incorrect hostname over HTTPS you get an invalid cert,
> because the hostname you told the browser to use does not match the cert.
> The solution is to use the correct hostname.
>
> If you use HTTP some browsers give a warning that they don't like HTTP.
> The solution is to either ignore it because that's silly, or use HTTPS
> (correctly).
>
> The server and browser both respond appropriately to what is, at the base
> case, a user error.
>
> --Greg
>
> On Fri, May 2, 2025, 1:44 PM David Haslam <dfhdfh at protonmail.com> wrote:
>
>> It remains the case that the list archive / server
>> <http://crosswire.org/mailman/listinfo/sword-devel> has an insecure
>> connection that uses only HTTP.
>>
>> We should upgrade it ASAP to use HTTPS to avoid all the Browser Warnings!
>>
>> It's 2025 now. Nobody nowadays should still be using HTTP.
>>
>> With all the kerfuffle/hilarity about my use of *Leo*, we seem to have
>> lost sight of the main point!
>>
>> Best regards,
>>
>> David
>>
>> Sent with Proton Mail <https://pr.tn/ref/SWXT9A5YZ67G> secure email.
>>
>> On Friday, May 2nd, 2025 at 6:27 PM, DM Smith <dmsmith at crosswire.org>
>> wrote:
>>
>> Fair enough of a disclaimer.
>>
>> On May 2, 2025, at 10:39 AM, Nathan Phillip Brink <
>> ohnobinki at ohnopublishing.net> wrote:
>>
>> I think Leo clearly enough said that he doesn't know the actual URI but
>> that if this organization followed a common pattern, they might have chosen
>> that URI. I don't think that's a hallucination, but I don't know the jargon.
>>
>> On 2025-05-02 9:18:05 GMT-05:00, DM Smith <dmsmith at crosswire.org>:
>>
>> Leo is hallucinating. This is a well known problem of GPT agents.
>>
>> On May 2, 2025, at 8:13 AM, David Haslam <dfhdfh at protonmail.com> wrote:
>>
>> Hi Troy,
>>
>> That's a curious question!
>>
>> Me: What is pipermail?
>>
>> Leo: Based on the search results, **pipermail** appears to be a term
>> related to electronic mailing lists, specifically the archives of mailing
>> lists managed by the GNU Mailman software.
>>
>> According to Wikipedia, GNU Mailman is a computer software application
>> for managing electronic mailing lists, and pipermail is likely a part of
>> this system. It seems that pipermail is used to access and browse the
>> archives of mailing lists.
>>
>> If you're looking for more information on pipermail, I can try to help
>> you further.
>>
>> Me: What is the URL for the archive of the CrossWire Bible Society's
>> mailing list called sword-devel ?
>>
>> Leo: The URL for the archive of the CrossWire Bible Society's mailing
>> list called sword-devel is not explicitly mentioned in the search results
>> you provided. However, based on the context, it appears to be related to
>> email list archives or mailing list management systems.
>>
>> From the search results, it seems that the `pipermail` term is related to
>> email list archives, specifically the archives of mailing lists managed by
>> the GNU Mailman software.
>>
>> Given this information, it is possible that the URL for the archive of
>> the CrossWire Bible Society's mailing list called sword-devel is in the
>> format of `https://lists.crosswire.org/pipermail/sword-devel/`
>> <https://lists.crosswire.org/pipermail/sword-devel/> or something
>> similar.
>>
>> Aside: Leo is the AI agent in the Brave browser.
>>
>> So, now you know how I found it, is there something amiss with the
>> aforementioned hostname?
>> I don't recall seeing it before, but, hey!
>>
>> Best regards,
>>
>> David
>>
>> Sent with Proton Mail <https://pr.tn/ref/SWXT9A5YZ67G> secure email.
>>
>> On Friday, May 2nd, 2025 at 1:03 PM, Troy A. Griffitts <
>> scribe at crosswire.org> wrote:
>>
>> Don't use 'lists' dot crosswire.org. Where did you find that hostname?
>> We have a catchall, so you can say https://bettyboop.crosswire.org<
>> https://bettyboop.crosswire.org/> if you want, but the certificate won't
>> be value for that domain.
>>
>> On 5/2/25 6:46 AM, David Haslam wrote:
>>
>> If you visit (eg) https://lists.crosswire.org/pipermail/sword-devel/
>>
>> The first thing you notice is a Browser Warning that the URL is insecure.
>> The https connection falls back to insecure http
>>
>> Please would someone with access to our server make the necessary changes
>> for our list archives.
>>
>>
>> Best regards,
>>
>> David
>>
>> Sent with Proton Mail <https://pr.tn/ref/SWXT9A5YZ67G> secure email.
>>
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org <
>> mailto:sword-devel at crosswire.org <sword-devel at crosswire.org>>
>> http://crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>>
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> http://crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>>
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> http://crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>>
>>
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> http://crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/sword-devel/attachments/20250502/303873e9/attachment.htm>

More information about the sword-devel mailing list