This page will show recent comments made to posts in the forum and elsewhere.
Yes, if someone can see your email, they can login as you. The login emails do have some safeguards:
- A login link can only be used once, so if you've used it, and were successfully logged in, you know noone else also used it.
- A login link expires after 1 day.
- Only the most recently emailed login link can be used to log in.
This should make it secure enough for casual users editing a wiki or commenting. In some cases, it's not the best choice for logging in as a site's administrator, and you can keep the administrator logins limited to openid if necessary.
Encrypting the login email with gpg is a good idea, but would have to be implemented in ikiwiki ... and you would have to paste in their gpg public key so it knew who to encrypt to.
That's right, you'd need to ask Debian to get it packaged (or package it yourself and get that package into Debian).
Alternatively, it might make sense to add the plugin to Ikiwiki, and as long as its dependecies are available in Debian (which Pandoc is), it could then be enabled on Branchable.
This may seem a roundabout way to get Branchable to support something, but many people can add packages to Debian, and anyone can submit patches to Ikiwiki to add plugins, while only a few people administer Branchable.
Branchable is built on Debian. If the plugin can get packaged and included in Debian, we can easily enable it on Branchable.
As far as I can see, the site is set up correctly. Your gmail address is configured as the admin. I have rebuilt the site just in case.
This is because your site has been configured to also be served up for an external domain, www.guppy.uk.to in particular. When using an external domain, https is only enabled if you send us a certificate for that domain, see using https.