On 08/06/2011 12:54 AM, Lukas Fleischer wrote:
To prevent session hijacking, mtm attacks or whatnot I'd recommend the
following:
* Redirect all http traffic to https by default
We won't do that. HTTPs will be the default but we won't force users to
use HTTPs. If you decide to use HTTP intentionally, we won't prevent you
from doing so. HTTPs implies an unnecessary overhead and there's no
point in forcing everybody to use HTTPs even if one doesn't even have an
AUR account.
That reason is a bit childish. We had this discussion 1 year ago and
only you and Loui were against.
Seriously now, why you are against https? Do you use some aur helper
that is broken and uses http and cannot handle redirect well?
--
Ionuț
