[aur-general] aur website default ssl
Loui Chang
louipc.ist at gmail.com
Fri Oct 29 00:32:10 EDT 2010
On Thu 28 Oct 2010 18:01 +0300, Ionuț Bîru wrote:
> On 10/28/2010 03:27 AM, Loui Chang wrote:
> >On Wed 27 Oct 2010 14:14 +0200, Pierre Schmitz wrote:
> >>On Wed, 27 Oct 2010 11:40:19 +0300, Ionuț Bîru<ibiru at archlinux.org>
> >>wrote:
> >>>As i said earlier in a reply to Loui, maybe we can do it
> >>>better.Having https only for login and then redirecting to http is
> >>>like not having it at all.
> >>
> >>Simply using https for all connections is the easiest and best solution
> >>imho. Everything in between is either insecure or inconvenient for the
> >>users. And I also don't see the need for it. Every sane http client
> >>should handle a http redirect and https. If it does not it's just a bug
> >>in the client. Of course it is unfortunate that this wasn't tested by
> >>the clyde author before.
> >
> >I would appreciate if you consult aur-dev before making changes to the
> >AUR. Can you please describe how you made this change, and how we can
> >enable normal http?
>
> seriously, why did you changed it back to http over https?
>
> in less than 1 day all aur helpers are working again and i don't see
> a reason to use http again. Really, what's the point?
The AUR isn't yours alone to decide how everyone should use it.
That's one reason you should consult aur-dev before making such changes.
SSL will still work. The point is to allow users to make the choice
whether or not they want to use ssl.
That choice was impossible the way it was implemented.
More information about the aur-general
mailing list