[arch-general] secure package signing related websites

Christian Hesse list at eworm.de
Sun Mar 4 08:56:43 EST 2012


Ionut Biru <ibiru at archlinux.org> on Sun, 04 Mar 2012 12:57:53 +0200:
> On 03/04/2012 12:22 PM, Christian Hesse wrote:
> > I think it makes sense to not allow pages related to package signing being
> > delivered via http. Instead automatically redirect to https to avoid man
> > in the middle attacks. First site that comes to my mind:
> > https://www.archlinux.org/master-keys/
> 
> open a feature request and tag it with {archweb}

Done. Thanks!
https://bugs.archlinux.org/task/28771
-- 
Best regards,
Chris
                         O< ascii ribbon campaign
                   stop html mail - www.asciiribbon.org


More information about the arch-general mailing list