On Tue, 08 Mar 2011 16:41:08 +0200 Antoni Grzymała <awa...@chopin.edu.pl> wrote:
> On Tue, 8 Mar 2011 15:26:34 +0100, Michał Górny wrote:
> > On Mon, 07 Mar 2011 15:06:25 -0500
> > Olivier Crête <tes...@gentoo.org> wrote:
> >
> >> On Mon, 2011-03-07 at 20:47 +0100, Michał Górny wrote:
> >> > Why does everyone assume it needs to be enforced? If user is
> >> > interested in protecting his/her data, he/she can simply use
> >> > https://. If he/she is not, there is no real reason to enforce
> >> > slower (and not always supported) SSL.
> >>
> >> Maybe it's not to protect the user, but to protect the Gentoo
> >> infrastructure.. And really, SSL has been supported by every
> >> browser for the last 15 years. And it is not in any way slow or
> >> slower than non-SSL.
> >
> > If you really think you need to force all users to use SSL, thus
> > assuming they're unable to make their own decisions, why don't you
> > restrict bugzie access completely?
>
> You don't seem to (or pretend not to) understand that using SSL
> protects not *the user* (in which case, yes, a user is free to leave
> the door to *his own* house wide open), but the Gentoo infrastructure
> that is far from his own and that all of us are using.

Please explain to me how not using SSL for a particular bugzie user is
going to hurt Gentoo infra. Even if we're talking about a dev, and
we're really assuming a dev is completely unaware of security issues
he/she's dealing with, I'd say power outage could cause more damage.

> Besides, complaining about SSL being slow is absurd considering how
> mildly interactive and how low-traffic a typical bugzilla session is.
> You could do just fine over a 9600 bps modem.

It is more absurd to waste 5 minutes trying to establish login session
due to packet loss.

-- 
Best regards,
Michał Górny