[arch-general] secure package signing related websites
Christian Hesse
list at eworm.de
Sun Mar 4 08:56:43 EST 2012
Ionut Biru <ibiru at archlinux.org> on Sun, 04 Mar 2012 12:57:53 +0200:
> On 03/04/2012 12:22 PM, Christian Hesse wrote:
> > I think it makes sense to not allow pages related to package signing being
> > delivered via http. Instead automatically redirect to https to avoid man
> > in the middle attacks. First site that comes to my mind:
> > https://www.archlinux.org/master-keys/
>
> open a feature request and tag it with {archweb}
Done. Thanks!
https://bugs.archlinux.org/task/28771
--
Best regards,
Chris
O< ascii ribbon campaign
stop html mail - www.asciiribbon.org
More information about the arch-general
mailing list