[aur-general] [RFC] Draft of the AUR 4.0.0 migration notification
Giancarlo Razzolini
grazzolini at gmail.com
Mon May 25 00:31:49 UTC 2015
On 23-05-2015 06:07, Lukas Fleischer wrote:
> Note that aur4.archlinux.org does not work yet but will updated to point
> to the same IP address as aur-dev.archlinux.org soon. Comments welcome.
Lukas,
Since we are moving from an https submission system to an git+ssh
one, I think it's advisable to publish the ssh fingerprint hashes
somewhere (the wiki?), to mitigate MITM attacks. If the archlinux.org
domain had DNSSEC, there could be SSHFP records for this server. But I'm
okay with the fingerprints on an already (kind of) secure medium, since
the wiki has a TLS certificate.
Cheers,
Giancarlo Razzolini
More information about the aur-general
mailing list