[aur-general] Securing the AUR website

Matej Ľach matej.lach at gmail.com
Sat Sep 3 10:49:30 EDT 2011

On 03/09/11 14:55, Gordon JC Pearce wrote:
> On Sat, 3 Sep 2011 01:18:58 -0300
> rafael ff1<rafael.f.f1 at gmail.com>  wrote:
>> 's' stands for Secure. Maybe security is a good reason.
> Oh, okay, so you put an "S" in and it waves the magic "secure" stick.  Very good.
> What happens if you're using a password you don't care about for AUR?
If you are using such password then you are putting AUR at risk because 
if your password can be easily cracked there is a possibility that an 
attacker would be able to compromise the whole AUR service using your 
account (see recent news about kernel.org [1] [2] ) and that will not be 
good at all. So please use reasonably strong password even if you don't 
care about AUR yourself...

(HTTPS means HTTP over SSL, so it encrypts your COMMUNICATION - it will 
not make your AUR password any more hack-proof if your password is weak)

Is there any particular problem why you can't/don't want to use HTTPS?
If yes, we may be able to help you...

[1] - http://kernel.org <http://kernel.org/>
[2] - http://pastebin.com/BKcmMd47

More information about the aur-general mailing list