[aur-general] aur website default ssl

Xyne xyne at archlinux.ca
Fri Oct 29 13:25:16 EDT 2010


On 2010-10-29 00:32 -0400 (43:5)
Loui Chang wrote:

> On Thu 28 Oct 2010 18:01 +0300, Ionuț Bîru wrote:
> > On 10/28/2010 03:27 AM, Loui Chang wrote:
> > >On Wed 27 Oct 2010 14:14 +0200, Pierre Schmitz wrote:
> > >>On Wed, 27 Oct 2010 11:40:19 +0300, Ionuț Bîru<ibiru at archlinux.org>
> > >>wrote:
> > >>>As i said earlier in a reply to Loui, maybe we can do it
> > >>>better.Having https only for login and then redirecting to http is
> > >>>like not having it at all.
> > >>
> > >>Simply using https for all connections is the easiest and best solution
> > >>imho. Everything in between is either insecure or inconvenient for the
> > >>users. And I also don't see the need for it. Every sane http client
> > >>should handle a http redirect and https. If it does not it's just a bug
> > >>in the client. Of course it is unfortunate that this wasn't tested by
> > >>the clyde author before.
> > >
> > >I would appreciate if you consult aur-dev before making changes to the
> > >AUR. Can you please describe how you made this change, and how we can
> > >enable normal http?
> >
> > seriously, why did you changed it back to http over https?
> >
> > in less than 1 day all aur helpers are working again and i don't see
> > a reason to use http again. Really, what's the point?
> 
> The AUR isn't yours alone to decide how everyone should use it.
> That's one reason you should consult aur-dev before making such changes.
> 
> SSL will still work. The point is to allow users to make the choice
> whether or not they want to use ssl.
> 
> That choice was impossible the way it was implemented.

I think it's great that the AUR uses HTTPS by default (I've given reasons for
preferring HTTPS in general on the forum) but I also agree that users should be
able to access the site via HTTP if they so choose.





More information about the aur-general mailing list