5 Aug
2011
5 Aug
'11
10:16 p.m.
On 08/06/2011 12:54 AM, Lukas Fleischer wrote:
To prevent session hijacking, mtm attacks or whatnot I'd recommend the following: * Redirect all http traffic to https by default
We won't do that. HTTPs will be the default but we won't force users to use HTTPs. If you decide to use HTTP intentionally, we won't prevent you from doing so. HTTPs implies an unnecessary overhead and there's no point in forcing everybody to use HTTPs even if one doesn't even have an AUR account.
That reason is a bit childish. We had this discussion 1 year ago and only you and Loui were against. Seriously now, why you are against https? Do you use some aur helper that is broken and uses http and cannot handle redirect well? -- IonuČ›