[arch-general] secure package signing related websites
Ionut Biru
ibiru at archlinux.org
Sun Mar 4 05:57:53 EST 2012
On 03/04/2012 12:22 PM, Christian Hesse wrote:
> Hello everybody,
>
> (As I am not allowed to post to arch-dev-public resending it here.)
>
> ok, not really related to the keyring package, but it came to my mind when
> installing it and while signing the key:
>
> I think it makes sense to not allow pages related to package signing being
> delivered via http. Instead automatically redirect to https to avoid man in
> the middle attacks. First site that comes to my mind:
> https://www.archlinux.org/master-keys/
Open a feature request and tag it with {archweb}.
--
Ionuț