[aur-general] Securing the AUR website

Pierre Schmitz pierre at archlinux.de
Sat Aug 6 07:40:38 EDT 2011

On Sat, 6 Aug 2011 04:30:09 -0400, Loui Chang wrote:
> This is why the redirects are also a charade.
> If Bob requests http://aur.archlinux.org but is redirected to
> http://aur.archlinux.frank.org rather than https://aur.archlinux.org
> he is probably expecting http anyways and may not bat an eye.

HSTS tries to address this issue. At least regular users will be
secured by using this.
Pierre Schmitz, https://users.archlinux.de/~pierre

More information about the aur-general mailing list