[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Why the insecure services??

http://db.debian.org/ allows login via the web both securely and insecurely.
Why even give the option of an insecure login that will give away the password
in cleartext?

Every developer _should_ have crypto web capabilities... after all, every
developer _does_ have a GPG key, and we often use ssh to login to machines.
Thus, having crypto for web browsers should not be a problem.  So, which
developers would need the insecure login?

I say this because I have once logged in (on accident) using normal login at
http://db.debian.org/, and immediately changed my password afterwards (I'm

On a same, but less severe note: why allow anonymous FTP uploads?

Jonathan Hseu <vomjom@vomjom.org, vomjom@debian.org, jh4@cec.wustl.edu>
GPG ID:          5228D713
GPG fingerprint: 220B A4EF 70FE B884 CB38  F93F EA8A 1024 5228 D713

Attachment: pgpBvvXLDu4qM.pgp
Description: PGP signature

Reply to: