[aur-general] Securing the AUR website

Thomas Bächler thomas at archlinux.org
Mon Sep 5 08:44:29 EDT 2011

Am 03.09.2011 17:49, schrieb Gordon JC Pearce:
> The other is that switching to https has left AUR in a fundamentally broken state.  If you search for a package on AUR with any of the significant search engines, they return an http link.  You can't do anything with this, though, because *even if you're logged in* you get the "ZOMG OH NOES YOU AREN'T USING HTTPS AND HTTPS IS TEH AWSUM!!!!11!!11!" message.
> Now, if clicking on that took you *to the same page but with https* that would be fine, but it doesn't.  It unceremoniously dumps you on the index page for AUR, with no way to get back to the package that you googled.

This is a detail you could have shared in your first post and this
discussion would have been a lot shorter. This is a bug, it belongs to
the bugtracker and it is (as far as I can see) trivial to fix.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/aur-general/attachments/20110905/9ef9b841/attachment-0001.asc>

More information about the aur-general mailing list