[aur-general] Securing the AUR website
Matej Ľach
matej.lach at gmail.com
Sat Sep 3 10:49:30 EDT 2011
On 03/09/11 14:55, Gordon JC Pearce wrote:
> On Sat, 3 Sep 2011 01:18:58 -0300
> rafael ff1<rafael.f.f1 at gmail.com> wrote:
>
>> 's' stands for Secure. Maybe security is a good reason.
>>
> Oh, okay, so you put an "S" in and it waves the magic "secure" stick. Very good.
>
> What happens if you're using a password you don't care about for AUR?
>
If you are using such a password then you are putting AUR at risk because
if your password can be easily cracked there is a possibility that an
attacker would be able to compromise the whole AUR service using your
account (see recent news about kernel.org [1] [2]) and that will not be
good at all. So please use a reasonably strong password even if you don't
care about AUR yourself...
(HTTPS means HTTP over SSL, so it encrypts your COMMUNICATION - it will
not make your AUR password any more hack-proof if your password is weak)
Is there any particular problem why you can't/don't want to use HTTPS?
If yes, we may be able to help you...
[1] - http://kernel.org
[2] - http://pastebin.com/BKcmMd47