Re: Why the insecure services??

To: Jonathan Hseu <vomjom@vomjom.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Why the insecure services??
From: Wouter Verhelst <wouter@debian.org>
Date: Wed, 12 Dec 2001 19:47:10 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.21.0112121945560.490-100000@rock.dezevensprong.local>
In-reply-to: <[🔎] 20011211174754.A3559@vomjom>

On Tue, 11 Dec 2001, Jonathan Hseu wrote:

> http://db.debian.org/ allows login via the web both securely and insecurely.
> Why even give the option of an insecure login that will give away the password
> in cleartext?
> 
> Every developer _should_ have crypto web capabilities... after all, every
> developer _does_ have a GPG key, and we often use ssh to login to machines.
> Thus, having crypto for web browsers should not be a problem.  So, which
> developers would need the insecure login?

<AOL>

<snip>
> On a same, but less severe note: why allow anonymous FTP uploads?

Because you can't upload anything into the archive without a gpg-signed
.changes (which in turn contains md5sums of the uploaded files). That's a
lot safer than the plaintext-passwords in a non-anonymous FTP upload...

-- 
wouter dot verhelst at advalvas dot be

"Human knowledge belongs to the world"
  -- From the movie "Antitrust"

Reply to:

References:
- Why the insecure services??
  - From: Jonathan Hseu <vomjom@vomjom.org>

Prev by Date: Re: splitting xpdf
Next by Date: Re: Making mutt more friendly towards site customizations
Previous by thread: Re: Why the insecure services??
Next by thread: title of debconf
Index(es):
- Date
- Thread