On 10/27/2010 05:49 AM, Justin Davis wrote:
On Tue, Oct 26, 2010 at 1:50 PM, Ionuț Bîruibiru@archlinux.org wrote:
we are now using default https for aur.archlinux.org. Some aur helpers may need adjustment, others like cower/slurpy already works as expected.
Kudos for their maintainers for following the aur development
Hi I maintain clyde lately. I try to keep it working anyways. This mandatory switch to https breaks clyde's AUR support. Clyde's AUR support is the only reason to use it, really... it is an AUR helper after all. Forcing all traffic to https is not what I would call "default". Default would be cool but generally a default option is not the _only_ option.
Hi, i didn't know that there is another maintainer and i announced personally Digitalkiwi, for more than one month(i believe), that we are switching. He said that is working and it shouldn't be a problem.
I hadn't joined aur-dev. I am assuming the switch was announced there. I already am a part of this mailing list and most of what I receive from it is junk to me. I also joined the pacdev mailing list long ago but filtered that because it fills my mailbox with stuff I don't care about. All I care about are API changes to libalpm, really, and I usually just diff the sources to find them.
This switch was mostly discuss it in bugtracker
Out of curiosity I looked at slurpy on github and it hasn't been updated since July. Cower was updated 4 days ago. If an AUR helper uses a sufficiently high-level interface they won't need to update because they get forwarded to the HTTPS URI. Everything is automagically fixed for them. Clyde is probably the only AUR helper to suffer from this because of its low-level Luasocket library. Maybe paktahn as well. Kudos to falconindy at least for updating cower to use https by default.
That was mostly a rant by me side and is should be ignored :P
I'm glad that logins to the AUR are now encrypted. Previously they weren't which is always surprising to find out. Other than logins I could care less if my traffic is sniffed. I know the logic is easier to just switch _everything_ to HTTPS but could maybe we just use https for logins? Could you allow HTTPS to be optional (except for logins) and then give validity to the term "default"?
As i said earlier in a reply to Loui, maybe we can do it better.Having https only for login and then redirecting to http is like not having it at all.