[arch-general] /etc/os-release: Suggestions for improvements
karol at babioch.de
Tue Jul 3 06:51:28 EDT 2012
Am 03.07.2012 10:28, schrieb Thomas Bächler:
> The bbs and bug tracker are https-only. If you would go to the http
> link, you would be redirected to https. A user cannot login on the main
> website or send any sensitive information to it, so there is no need to
> force it to https.
Personally, I'm a big fan of HTTPS, even for seemingly uncritical
things. Remember: HTTPS not only makes sure the channel is encrypted,
but a key point of the whole PKI infrastructure is to make sure it is
the right person/site/party to whom you are talking to. Otherwise you
wouldn't need a certificate signed by a known CA. Furthermore it is
always conceivable that some man-in-the-middle replaces the download
links (along with the hashes) and/or something like that. As you've got
a valid certificate obviously, I don't see a reason why not make use of it.
Taking Fedora as an example they have their HOME_URL set to the HTTPS
version here. When you got HTTPS Everywhere  installed, you only get
to see the HTTPS version of fedoraproject.org. For Arch Linux, although
part of the database of HTTPS Everywhere, this isn't the case. I can't
see any disadvantage to propose the use of HTTPS strongly, especially
because you've already got valid certificates.
> Arch Linux is a community-supported OS, and the bbs is appropriate as a
> support URL.
By now means I wanted to depreciate the forums. I just wanted to make
the point that there are more ways to ask for help and that we should
advertise them also.
> Not a bad idea at all. As always, you can send a patch against
> https://projects.archlinux.org/archweb.git/ to include that landing page
> or submit a bug to the "Web Sites" category via
I've filed a feature request (#30518). Unfortunately I'm not familiar
with Django, so there is no way I could add this in a reasonable amount
of time. However it shouldn't take too long for someone who knows what
he is doing.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 900 bytes
Desc: OpenPGP digital signature
More information about the arch-general