What caught my eye was the domain cert not screaming at us as being untrusted. You can look at it and it's registered for CloudFlare (also provides DDoS protection). Normally, certs aren't transferred from domain to domain.... but it looks like the "patriots.win" is just an alt-name... not the domain name for the cert. Either way, it's a legit cert. NOW... who that cert is registered to is something you don't know... but you didn't know that for td.win either.
I believe they’re asking because nginx’s author is Russian, and the business originated from there, but so many use nginx, and it’s open source, I’d be surprised if there’s any reason not to trust it.
I'm happier with FOSS than I am with closed source when implementing projects. I actually get to see what I'm putting my name on and the community generally catches bad actors trying to put malware into a pull request.
Answered the nontechnical issues here: https://patriots.win/p/11SJoRtCps/x/c/4Dvm6QvMKiS
Can you poke Doggos to answer the technical ones?
Anyone know if he's answered them in one of these threads?
What caught my eye was the domain cert not screaming at us as being untrusted. You can look at it and it's registered for CloudFlare (also provides DDoS protection). Normally, certs aren't transferred from domain to domain.... but it looks like the "patriots.win" is just an alt-name... not the domain name for the cert. Either way, it's a legit cert. NOW... who that cert is registered to is something you don't know... but you didn't know that for td.win either.
I combed through this morning and didn't see anything, just took a cursory look and there doesn't appear to be much new information about this.
Not Op, but as a programmer I'm curious on the NGINX question (#6). Why wouldn't they trust it?
I believe they’re asking because nginx’s author is Russian, and the business originated from there, but so many use nginx, and it’s open source, I’d be surprised if there’s any reason not to trust it.
I'm happier with FOSS than I am with closed source when implementing projects. I actually get to see what I'm putting my name on and the community generally catches bad actors trying to put malware into a pull request.