2011/9/1 Philipp Überbacher firstname.lastname@example.org:
Excerpts from Gordon JC Pearce's message of 2011-09-01 20:15:28 +0200:
On Thu, 01 Sep 2011 17:55:57 +0200 Philipp Überbacher email@example.com wrote:
Do I understand it correctly that https-everywhere goes through a lot of trouble (browser-plugin with whitelist and custom rules for every page) for what could be achieved by simply defaulting to https?
I don't really understand why it's so important to break existing links by forcing everyone onto the https page.
What happens if you *don't want to use https*? Why are the Arch webby bods forcing this nanny-state twatmuppetry down our throats?
It shouldn't be enforced, it should be the default. But you're right, it seems it is enforced in some cases, with the redirect on bugs.archlinux.org for example. In this case the login is on the main page, which is probably the reason for the redirect. It's really somewhat confusing, in the meantime I start to think that optimally both would be available and the browser settings should be the place to decide (in general).
I normally look for AUR packages in my google search engine, in case I'm not already in AUR interface. Since https is the default login, google search find the http interface. That's not much bad, but if I want to login after that, I can't just mouse-click the new "http login disabled" message. IMHO, it would be nice to have a URL in front of this warning that forwards to https in the same page you are at the moment, instead of going to AUR Home. Example: http://aur.archlinux.org/packages.php?ID=41362 # goes to https://aur.archlinux.org/packages.php?ID=41362