On Sat, Sep 03, 2011 at 02:55:50PM +0100, Gordon JC Pearce wrote:
On Sat, 3 Sep 2011 01:18:58 -0300 rafael ff1 <rafael.f.f1@gmail.com> wrote:
's' stands for Secure. Maybe security is a good reason.
Oh, okay, so you put an "S" in and it waves the magic "secure" stick. Very good.
What happens if you're using a password you don't care about for AUR?
This is by no way an argument... What happens if *at least* one person cares about its AUR password out there? And anyway, having an AUR account hijacked could be damageable to a lot of people. And would you really be ok if someone popped up a fake AUR website at your browser? (let's say in Syria...) Obviously, your browser won't notice anything if you're using plain old HTTP. And seriously, you must be logging in to a bunch of website every day (be it your webmail, your Twitter/G+/whatever); are you really, deliberately using HTTP there? If you lived in China, Libya or Syria, you wouldn't... The current SSL system has some weaknesses, most notably being forced to trust a tremendous amount of CAs. But then, why stick to something that's more than 15 years old, when there is an alternative that offers you encryption and makes sure that you talk to the real server? -- "C'est mieux, mais il y a plus cher ailleurs" : ____ _ _ _ _ ___ _ / ___| \ | | | | | / / | (_)_ __ _ ___ __ | | _| \| | | | |/ /| | | | '_ \| | | \ \/ / | |_| | |\ | |_| / / | |___| | | | | |_| |> < \____|_| \_|\___/_/ |_____|_|_| |_|\__,_/_/\_\ GNU/Linux fan && Archlinux user