
We were sitting here looking at some unencrypted network traffic and it hit me - our StHub, SqS, and ss3 credentials are always unencrypted. This is a tremendous security hole. Someone could grab the credentials of a more prominent member of the community who has admin rights to many repos and start uploading arbitrary Zip files with who-knows-what embedded.

SSL certificates are so cheap today. Will ESUG purchase them for our community servers?

I personally have deleted all my private repos, and moved them to BitBucket, which I can access via SSH, but it doesn't solve the problem because of course any open source St project I load will open the flood gates!

-----
Cheers,
Sean
--
View this message in context: http://forum.world.st/Repository-In-Security-tp4845058.html
Sent from the ESUG mailing list archive at Nabble.com.