[aur-general] [RFC] Draft of the AUR 4.0.0 migration notification

Giancarlo Razzolini grazzolini at gmail.com
Mon May 25 00:31:49 UTC 2015

On 23-05-2015 06:07, Lukas Fleischer wrote:
> Note that aur4.archlinux.org does not work yet but will updated to point
> to the same IP address as aur-dev.archlinux.org soon. Comments welcome.

    Since we are moving from an https submission system to an git+ssh
one, I think it's advisable to publish the ssh fingerprint hashes
somewhere (the wiki?), to mitigate MITM attacks. If the archlinux.org
domain had DNSSEC, there could be SSHFP records for this server. But I'm
okay with the fingerprints on an already (kind of) secure medium, since
the wiki has a TLS certificate.

Giancarlo Razzolini

More information about the aur-general mailing list