[aur-general] aur website default ssl

Pierre Schmitz pierre at archlinux.de
Wed Oct 27 08:14:54 EDT 2010

On Wed, 27 Oct 2010 11:40:19 +0300, Ionuț Bîru <ibiru at archlinux.org>
> As i said earlier in a reply to Loui, maybe we can do it
> better.Having https only for login and then redirecting to http is
> like not having it at all.

Simply using https for all connections is the easiest and best solution
imho. Everything in between is either insecure or inconvenient for the
users. And I also don't see the need for it. Every sane http client
should handle a http redirect and https. If it does not it's just a bug
in the client. Of course it is unfortunate that this wasn't tested by
the clyde author before.

Pierre Schmitz, https://users.archlinux.de/~pierre

More information about the aur-general mailing list