On Thu, 28 Oct 2010 03:13:42 -0400, Kaiting Chen firstname.lastname@example.org wrote:
Pierre, How is sending publicly available information unencrypted insecure? It does not warrant a need for additional security in the first place. If someone wants to see what comments you post on a package they go look at the package's page. They don't have to sniff your traffic. I am secure in my AUR traffic's triviality.
How is https for logins inconvenient for users? Forwarding between http and https happens transparently on every major website. Most people wouldn't know it was happening if it wasn't for the padlock graphic. Many still don't.
True story; and a lot of server resources would be saved by not having to encrypt information that doesn't need to be encrypted.
That's wrong. See for example http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html. About 1% cpu overhead is not worth talking about. In fact it would be a lot more work and possible insecure to not just encrypt everything but selectively.