[aur-dev] Dashboard

Eli Schwartz eschwartz93 at gmail.com
Sun Feb 12 15:17:52 UTC 2017

On 02/12/2017 09:56 AM, Lukas Fleischer wrote:
> Hi,
> One of the new features of the upcoming aurweb release is a dashboard
> which will be displayed in place of the regular home page after login.
> Right now, it includes
> * a list of flagged packages the logged in user (co-)maintains,
> * a list of package requests affecting the logged in user,
> * the list of packages the logged in user maintains and
> * the list of packages the logged in user co-maintains.
> You can already test the new feature under [1]. Note that you will need
> to ignore the warning your browser might show because the aur-dev
> subdomain is not part of our SSL/TLS certificate (and least with
> Firefox, this is not easily possible, because of HSTS; Chromium seems to
> work, though).

That is sorta problematic, and I am actually a bit frightened that
Chrome still hasn't fixed this policy bug.
HSTS pretty much exists as a red flag that something is deeply wrong on
a website that purports to hold to high standards; allowing users to
simply click through the warning kind of defeats the "strict" in STS.

Since the aur-dev subdomain does apparently get used on occasion, can
you see about getting that added to the certificate?
(I have just mentioned it on #archlinux-devops.)

> What are your thoughts on this? Are there any other suggestions for
> useful things to display on that page?

I'll be happy to trial it (I was waiting for this release eagerly) just
as soon as I can access it...

Eli Schwartz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-dev/attachments/20170212/caf7165f/attachment.asc>

More information about the aur-dev mailing list