4 Mar
2012
4 Mar
'12
4:27 p.m.
On 03/04/2012 12:22 PM, Christian Hesse wrote:
Hello everybody,
(As I am not allowed to post to arch-dev-public resending it here.)
ok, not really related to the keyring package, but it came to my mind when installing it and while signing the key:
I think it makes sense to not allow pages related to package signing being delivered via http. Instead automatically redirect to https to avoid man in the middle attacks. First site that comes to my mind: https://www.archlinux.org/master-keys/
open a feature request and tag it with {archweb} -- Ionuț