[aur-general] Securing the AUR website

Philipp Überbacher hollunder at lavabit.com
Thu Sep 1 12:21:29 EDT 2011

Excerpts from Cédric Girard's message of 2011-09-01 18:05:36 +0200:
> On Thu, Sep 1, 2011 at 5:55 PM, Philipp Überbacher <hollunder at lavabit.com>wrote:
> > Do I understand it correctly that https-everywhere goes through a lot of
> > trouble (browser-plugin with whitelist and custom rules for every page)
> > for what could be achieved by simply defaulting to https?
> >
> The rules are included with the plugin and you benefit from its
> functionalities with a lot of other sites.
> But I do have installed this plugin because of the AUR.

I've installed it now and it works fine, thanks for the tip.

What I wonder is whether it's worth the trouble to register the site, 
maintain the rules and have users install a plugin. I'm also sceptical
because this is an opt-in solution for a security feature, which means
that a lot of users won't benefit.


More information about the aur-general mailing list