picocms / Pico

Pico is a stupidly simple, blazing fast, flat file CMS.
http://picocms.org/
MIT License
3.81k stars 615 forks

picocms.org could be served over https #514

Closed arthurzenika closed 3 years ago

arthurzenika commented 4 years ago

It would be nice for the landing page for the project to be served using https on https://picocms.org/

PhrozenByte commented 4 years ago

Indeed. I'll suggest @picocms to do the necessary changes (unfortunately it's a bit more than just hitting a button or something), but it might take some time.

Croydon commented 3 years ago

Since the website gets served over GitHub pages and GitHub pages has support for https, even for custom domains, it might be actually as easy as hitting a button 😄

NicoHood commented 3 years ago

If the framework itself cannot serve its own website via https, I am not interested at all. That looks very weird.

xpunkt commented 3 years ago

Leave http and https not used in links, it's solved; the homepage with the content is still https hosted, but links in content do not need to specify http or https protocol

mayamcdougall commented 3 years ago

Alright, so, I feel compelled to address some of this, if just to answer questions for anyone who visits this Issue in the future.

@NicoHood PicoCMS.org utilizes GitHub Pages, which uses Jekyll as a framework. The website unfortunately does not use Pico itself, simply because GitHub Pages is a more economical solution than paying for a web host to run it with Pico.

Pico is perfectly capable of running a site that utilizes HTTPS. Furthermore, it's the responsibility of the web server to provide HTTPS in the first place, not the framework the site is built with. I suspect that your comment is more trolling than actual curiosity in the matter, but hopefully this clarifies it for anyone with this misunderstanding in the future.

@xpunkt I'm sorry, but I don't really understand your comment and how you're suggesting to solve the problem, but it's not really relevant anyway, for reasons I'll get to below.


To answer the question, as far as I know, the reason PicoCMS.org doesn't use HTTPS comes down to a logistical issue, not a technical one. The original owner of the PicoCMS project page here on GitHub, which holds our repositories, is no longer active with the project. They are also the owner of the PicoCMS domain name.

It has been a long time since they were active with the project, and while for some time they were available, on occasion, to address concerns such as this (again, as far as I know) that was a long time ago.

Unfortunately, they never turned over access to the PicoCMS account itself or domain before moving on. While we have read/write access to the individual repos, and code contributions continue, certain management aspects (such as "switching on" https, as simple as it would seem) remain beyond our reach.

I'll say one final time, this information is simply as far as I know, and my recollection of some of the details might be incorrect. I just wanted to provide some insight to anyone asking in the future.


@PhrozenByte Has any progress been made on this front? If this is something you'd like to work on, we can (and probably should) discuss the details at some point in private.

Hopefully I haven't overstepped my bounds here by recounting what I think I remember on the situation. I just felt that a statement on the matter might help explain why this "simple" matter has taken so long. Also, I wasn't happy with the idea that some people might misinterpret this issue as a shortcoming of Pico itself.

picocms commented 3 years ago

Hi, Pico owner here.

Nobody contacted me to request anything on my end and I have answered each time anyone has reached out. I've made the switch to HTTPS.

PhrozenByte commented 3 years ago

@picocms Good to hear from you again! Thank you for switching. ❤️ Do you have a new email address? Because I've sent you multiple emails about this in the past (all of them a rather long time ago, not recently). You still got my email address, right? Can you please send me an email, just to be sure that emails don't vanish/are getting blocked/redirected to spam/etc.?

Closing this as resolved 👍

picocms commented 3 years ago

> @picocms Good to hear from you again! Thank you for switching. ❤️ Do you have a new email address? Because I've sent you multiple emails about this in the past (all of them a rather long time ago, not recently). You still got my email address, right? Can you please send me an email, just to be sure that emails don't vanish/are getting blocked/redirected to spam/etc.?
>
> Closing this as resolved 👍

Hi @PhrozenByte - I'm still on the same email. I have you as picocms.org@[your-domain]. I will drop you an email here but let me know if you don't receive and we can work something else out.

Croydon commented 3 years ago

By the way, if the sharing of permissions is not a trust issue, but rather what GitHub allows to share on single repositories, then I think you should convert picocms into an actual GitHub organization

https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/converting-a-user-into-an-organization

Croydon commented 3 years ago

This file still needs to be switched to https in the website's source code

Blocked loading mixed active content “http://remy.github.com/twitterlib/twitterlib.js” twitter.min.js:10:2767
Loading failed for the <script> with source “http://remy.github.com/twitterlib/twitterlib.js”.
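
A check for the kind of leftover reference reported in the comment above, as an added example that is not part of the thread or of the website's source: it scans HTML for subresources still requested over http and labels them active (scripts, stylesheets, frames) or passive (images, media). The sample page, the example.invalid hosts and the names LOADERS, MixedContentFinder and find_mixed_content are constructed for illustration; only the twitterlib.js URL comes from the thread.

```python
from html.parser import HTMLParser

# Tag -> (URL attribute, kind). "active" subresources are the kind the console
# message above reports as blocked; "passive" ones are images and media.
LOADERS = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "embed": ("src", "active"), "object": ("data", "active"),
    "link": ("href", "active"),  # only when rel includes "stylesheet"
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
}


class MixedContentFinder(HTMLParser):
    """Collect http:// subresources in a page that is served over https."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        if tag not in LOADERS:
            return  # e.g. <a href>: a navigation, not a subresource load
        attr, kind = LOADERS[tag]
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        url = (attrs.get(attr) or "").strip()
        # Relative and protocol-relative (//host/x) URLs inherit the page's https.
        if url.lower().startswith("http:"):
            self.findings.append((self.getpos()[0], kind, tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; only the twitterlib.js URL comes from the thread.
SAMPLE = """<link rel="stylesheet" href="//example.invalid/site.css">
<script src="http://remy.github.com/twitterlib/twitterlib.js"></script>
<a href="http://example.invalid/docs">docs</a>
<img src="http://example.invalid/logo.png">
<script src="/js/twitter.min.js"></script>"""

if __name__ == "__main__":
    for line, kind, tag, url in find_mixed_content(SAMPLE):
        print(f"line {line}: {kind} <{tag}> {url}")
```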

mayamcdougall commented 3 years ago

Hello @picocms. 👋 ❤️

Thank you for taking care of this for us. I'm sorry, I did not mean any disrespect in my comment. I was just explaining the situation, as far as I knew it, in hopes of answering some of the recent interest this issue had gotten. I was going off of @PhrozenByte's inability to contact you a while back, and I think we were both assuming at this point that you might have lost interest in the project over time. No hard feelings if that should be the case, now or in the future, but it might be a good idea to set up some contingency plans with @PhrozenByte now that you guys are back in contact.

@Croydon brings up an interesting point while I'm writing this about whether we should look into making PicoCMS a proper GitHub organization (something that I think used to be a paid option back then but isn't anymore 🤔). This might be something for you both to discuss. While it wouldn't have solved the https issue on its own, it might be a good "forward thinking" thing to consider.

Also, @Croydon I'll look into the website in a bit, I'm sure there's some loose ends that'll need cleaning up now. Thanks for mentioning it. 😉

And thanks again for taking care of this @picocms. I'm hoping you and @PhrozenByte can get all your contact issues sorted out now. 😁

PhrozenByte commented 3 years ago

Thank you for the great explanations @mayamcdougall! 👍

@picocms Thank you, I got your e-mail. I've just sent you an answer, let me know if it didn't reach you.