eschwartz93 at gmail.com
Sun Feb 12 15:17:52 UTC 2017
On 02/12/2017 09:56 AM, Lukas Fleischer wrote:
> One of the new features of the upcoming aurweb release is a dashboard
> which will be displayed in place of the regular home page after login.
> Right now, it includes
> * a list of flagged packages the logged in user (co-)maintains,
> * a list of package requests affecting the logged in user,
> * the list of packages the logged in user maintains and
> * the list of packages the logged in user co-maintains.
> You can already test the new feature under . Note that you will need
> to ignore the warning your browser might show because the aur-dev
> subdomain is not part of our SSL/TLS certificate (and least with
> Firefox, this is not easily possible, because of HSTS; Chromium seems to
> work, though).
That is sorta problematic, and I am actually a bit frightened that
Chrome still hasn't fixed this policy bug.
HSTS pretty much exists as a red flag that something is deeply wrong on
a website that purports to hold to high standards; allowing users to
simply click through the warning kind of defeats the "strict" in STS.
Since the aur-dev subdomain does apparently get used on occasion, can
you see about getting that added to the certificate?
(I have just mentioned it on #archlinux-devops.)
> What are your thoughts on this? Are there any other suggestions for
> useful things to display on that page?
I'll be happy to trial it (I was waiting for this release eagerly) just
as soon as I can access it...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the aur-dev