[arch-general] /etc/os-release: Suggestions for improvements
Thomas Bächler
thomas at archlinux.org
Tue Jul 3 07:08:39 EDT 2012
Am 03.07.2012 12:51, schrieb Karol Babioch:
> Hi,
>
> Am 03.07.2012 10:28, schrieb Thomas Bächler:
>> The bbs and bug tracker are https-only. If you would go to the http
>> link, you would be redirected to https. A user cannot login on the main
>> website or send any sensitive information to it, so there is no need to
>> force it to https.
>
> Personally, I'm a big fan of HTTPS, even for seemingly uncritical
> things. Remember: HTTPS not only makes sure the channel is encrypted,
> but a key point of the whole PKI infrastructure is to make sure it is
> the right person/site/party to whom you are talking to. Otherwise you
> wouldn't need a certificate signed by a known CA. Furthermore it is
> always conceivable that some man-in-the-middle replaces the download
> links (along with the hashes) and/or something like that. As you've got
> a valid certificate obviously, I don't see a reason why not make use of it.
Those are all valid concerns. I don't know why this particular URL was
chosen.
I guess nobody has put nearly as much thought into this as you did.
> Taking Fedora as an example they have their HOME_URL set to the HTTPS
> version here. When you got HTTPS Everywhere [1] installed, you only get
> to see the HTTPS version of fedoraproject.org. For Arch Linux, although
> part of the database of HTTPS Everywhere, this isn't the case. I can't
> see any disadvantage to propose the use of HTTPS strongly, especially
> because you've already got valid certificates.
<ruleset name="Arch Linux">
<target host="archlinux.org"/>
<target host="*.archlinux.org"/>
<rule from="^http://archlinux\.org/" to="https://www.archlinux.org/"/>
<rule from="^http://([^/:@\.]+)\.archlinux\.org/"
to="https://$1.archlinux.org/"/>
</ruleset>
I always get https by default here.
>> Not a bad idea at all. As always, you can send a patch against
>> https://projects.archlinux.org/archweb.git/ to include that landing page
>> or submit a bug to the "Web Sites" category via
>> https://bugs.archlinux.org/newtask/proj1.
> I've filed a feature request (#30518). Unfortunately I'm not familiar
> with Django, so there is no way I could add this in a reasonable amount
> of time. However it shouldn't take too long for someone who knows what
> he is doing.
Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20120703/a934d04f/attachment.asc>
More information about the arch-general
mailing list