[aur-general] Securing the AUR website
pierre at archlinux.de
Sat Aug 6 07:40:38 EDT 2011
On Sat, 6 Aug 2011 04:30:09 -0400, Loui Chang wrote:
> This is why the redirects are also a charade.
> If Bob requests http://aur.archlinux.org but is redirected to
> http://aur.archlinux.frank.org rather than https://aur.archlinux.org
> he is probably expecting http anyways and may not bat an eye.
HSTS tries to address this issue. At least regular users will be
secured by using this.
Pierre Schmitz, https://users.archlinux.de/~pierre
More information about the aur-general