[aur-general] aur website default ssl

Alexander Duscheleit jinks at archlinux.us
Tue Nov 2 01:15:49 EDT 2010


On Thu, 28 Oct 2010 09:56:27 +0200
Pierre Schmitz <pierre at archlinux.de> wrote:

> [...]
> 
> In general I think it's a good idea that we now use https for most
> sites and we shouldn't discuss about if that is sane or not but why
> are some clients unable to handle it.
> 

This just popped into my feedreader:
http://utcc.utoronto.ca/~cks/space/blog/web/HttpToHttpsRedirectionBad

In general I'm a big fan of https-only websites, but the article has
some valid points nonetheless. There seems to be no *good* way to
balance convenience and security in this matter. Perhaps if browser
makers started to try https first when given no protocol, but that's
probably never gonna happen.

-- 
Alexander Duscheleit <jinks at archlinux.us>


More information about the aur-general mailing list