On 02/12/2017 09:56 AM, Lukas Fleischer wrote: > Hi, > > One of the new features of the upcoming aurweb release is a dashboard > which will be displayed in place of the regular home page after login. > Right now, it includes > > * a list of flagged packages the logged in user (co-)maintains, > * a list of package requests affecting the logged in user, > * the list of packages the logged in user maintains and > * the list of packages the logged in user co-maintains. > > You can already test the new feature under [1]. Note that you will need > to ignore the warning your browser might show because the aur-dev > subdomain is not part of our SSL/TLS certificate (and least with > Firefox, this is not easily possible, because of HSTS; Chromium seems to > work, though).
That is sorta problematic, and I am actually a bit frightened that Chrome still hasn't fixed this policy bug. HSTS pretty much exists as a red flag that something is deeply wrong on a website that purports to hold to high standards; allowing users to simply click through the warning kind of defeats the "strict" in STS. Since the aur-dev subdomain does apparently get used on occasion, can you see about getting that added to the certificate? (I have just mentioned it on #archlinux-devops.) > What are your thoughts on this? Are there any other suggestions for > useful things to display on that page? I'll be happy to trial it (I was waiting for this release eagerly) just as soon as I can access it... -- Eli Schwartz
signature.asc
Description: OpenPGP digital signature
