Am 01.09.2011 13:01, schrieb Lukas Fleischer: >>>> archlinux.org -> http -> no login anyway >>>> bbs.archlinux.org -> https -> separate login page >>>> wiki.archlinux.org -> https -> separate login page >>>> bugs.archlinux.org -> https -> login on main page >>>> aur.archlinux.org -> http -> login on main page >>>> >>>> As you can see, AUR is the fish out of water here, login is on the >>>> arrival page, but you can't log in by default. I'm sorry to make the >>>> suggestion this late, but I'd vote for https as default for AUR. >>> >>> HTTPs is the default - unless you request the HTTP version explicitly. I >>> know that some of the navigation bar links aren't updated yet. I sent a >>> patch for Flyspray to Pierre, and also asked him to update the header >>> include used in our cgit setup. It should be only a matter of time until >>> all links are up-to-date. >> >> When I type aur.archlinux.org in firefox I get the http version, that's >> what I mean by default. Thanks for your efforts to secure AUR. > > Yeah, you request the HTTP version (your browser does this automatically > if you skip the protocol part), so this is kind of expected behaviour. > We could introduce an HTTPs redirect for the AUR home page. Not sure if > that is the right thing to do, though.
I'd like to remind everyone again that Arch Linux is now included in the https-everywhere default rules, see [1]. This will always redirect you to https on every Arch Linux site (even releng, www, planet, where it isn't actually needed). [1] https://www.eff.org/https-everywhere/
signature.asc
Description: OpenPGP digital signature
