[aur-general] Securing the AUR website
Pierre Schmitz
pierre at archlinux.de
Sat Aug 6 07:28:55 EDT 2011
On Sat, 6 Aug 2011 12:26:53 +0200, Lukas Fleischer wrote:
> * Because there might be sucky applications on crappy embedded devices
> that do not support HTTPs (although I doubt there's actually a lot of
> these).
OK, let's say this is not a valid argument.
> * Because there's some overhead.
For our site this would be barely measurable and definitely not
noticeable.
> * I know these aren't strong arguments, but even having no real reason
> against encryption doesn't mean that we should disable HTTP if there's
> no real objection against using HTTP with reason as well.
There are quite a lot of reasons for using https. And even unsure, one
should prefer https as it improves security in some cases and in worst
case wont have any real downside.
I have found some other article (including nmore links) which might be
interesting to read:
https://www.eff.org/pages/how-deploy-https-correctly
--
Pierre Schmitz, https://users.archlinux.de/~pierre
More information about the aur-general
mailing list