[aur-general] Securing the AUR website
archlinux at cryptocrack.de
Mon Sep 5 08:51:57 EDT 2011
On Mon, Sep 05, 2011 at 02:44:29PM +0200, Thomas Bächler wrote:
> Am 03.09.2011 17:49, schrieb Gordon JC Pearce:
> > The other is that switching to https has left AUR in a fundamentally broken state. If you search for a package on AUR with any of the significant search engines, they return an http link. You can't do anything with this, though, because *even if you're logged in* you get the "ZOMG OH NOES YOU AREN'T USING HTTPS AND HTTPS IS TEH AWSUM!!!!11!!11!" message.
> > Now, if clicking on that took you *to the same page but with https* that would be fine, but it doesn't. It unceremoniously dumps you on the index page for AUR, with no way to get back to the package that you googled.
> This is a detail you could have shared in your first post and this
> discussion would have been a lot shorter. This is a bug, it belongs to
> the bugtracker and it is (as far as I can see) trivial to fix.
Do not open another ticket, please. There's FS#25757  already and I
sent a patch addressing that bug to aur-dev . I will push that and
update our live setup as soon as I get round to it.
More information about the aur-general