[aur-general] Securing the AUR website

Pierre Schmitz pierre at archlinux.de
Sat Aug 6 07:28:55 EDT 2011

On Sat, 6 Aug 2011 12:26:53 +0200, Lukas Fleischer wrote:
> * Because there might be sucky applications on crappy embedded devices
>   that do not support HTTPs (although I doubt there's actually a lot of
>   these).

OK, let's say this is not a valid argument.

> * Because there's some overhead.

For our site this would be barely measurable and definitely not

> * I know these aren't strong arguments, but even having no real reason
>   against encryption doesn't mean that we should disable HTTP if there's
>   no real objection against using HTTP with reason as well.

There are quite a lot of reasons for using https. And even unsure, one
should prefer https as it improves security in some cases and in worst
case wont have any real downside.

I have found some other article (including nmore links) which might be
interesting to read:

Pierre Schmitz, https://users.archlinux.de/~pierre

More information about the aur-general mailing list