Re: Why the insecure services??
On Tue, 11 Dec 2001, Jonathan Hseu wrote:
> http://db.debian.org/ allows login via the web both securely and insecurely.
> Why even give the option of an insecure login that will give away the password
> in cleartext?
> Every developer _should_ have crypto web capabilities... after all, every
> developer _does_ have a GPG key, and we often use ssh to login to machines.
> Thus, having crypto for web browsers should not be a problem. So, which
> developers would need the insecure login?
> On a same, but less severe note: why allow anonymous FTP uploads?
Because you can't upload anything into the archive without a gpg-signed
.changes (which in turn contains md5sums of the uploaded files). That's a
lot safer than the plaintext-passwords in a non-anonymous FTP upload...
wouter dot verhelst at advalvas dot be
"Human knowledge belongs to the world"
-- From the movie "Antitrust"