http://db.debian.org/ allows login via the web both securely and insecurely. Why even give the option of an insecure login that will give away the password in cleartext? Every developer _should_ have crypto web capabilities... after all, every developer _does_ have a GPG key, and we often use ssh to login to machines. Thus, having crypto for web browsers should not be a problem. So, which developers would need the insecure login? I say this because I have once logged in (on accident) using normal login at http://db.debian.org/, and immediately changed my password afterwards (I'm paranoid). On a same, but less severe note: why allow anonymous FTP uploads? -- Jonathan Hseu <vomjom@vomjom.org, vomjom@debian.org, jh4@cec.wustl.edu> GPG ID: 5228D713 GPG fingerprint: 220B A4EF 70FE B884 CB38 F93F EA8A 1024 5228 D713
Attachment:
pgpBvvXLDu4qM.pgp
Description: PGP signature