Excerpts from Gordon JC Pearce's message of 2011-09-01 20:15:28 +0200:
On Thu, 01 Sep 2011 17:55:57 +0200 Philipp Überbacher <hollunder@lavabit.com> wrote:
Do I understand it correctly that https-everywhere goes through a lot of trouble (browser-plugin with whitelist and custom rules for every page) for what could be achieved by simply defaulting to https?
I don't really understand why it's so important to break existing links by forcing everyone onto the https page.
What happens if you *don't want to use https*? Why are the Arch webby bods forcing this nanny-state twatmuppetry down our throats?
It shouldn't be enforced, it should be the default. But you're right, it seems it is enforced in some cases, with the redirect on bugs.archlinux.org for example. In this case the login is on the main page, which is probably the reason for the redirect. It's really somewhat confusing, in the meantime I start to think that optimally both would be available and the browser settings should be the place to decide (in general).