On 03/09/11 14:55, Gordon JC Pearce wrote:
On Sat, 3 Sep 2011 01:18:58 -0300 rafael ff1<rafael.f.f1@gmail.com> wrote:
's' stands for Secure. Maybe security is a good reason.
Oh, okay, so you put an "S" in and it waves the magic "secure" stick. Very good.
What happens if you're using a password you don't care about for AUR?
If you are using such password then you are putting AUR at risk because if your password can be easily cracked there is a possibility that an attacker would be able to compromise the whole AUR service using your account (see recent news about kernel.org [1] [2] ) and that will not be good at all. So please use reasonably strong password even if you don't care about AUR yourself... (HTTPS means HTTP over SSL, so it encrypts your COMMUNICATION - it will not make your AUR password any more hack-proof if your password is weak) Is there any particular problem why you can't/don't want to use HTTPS? If yes, we may be able to help you... [1] - http://kernel.org <http://kernel.org/> [2] - http://pastebin.com/BKcmMd47