Hi Martin, On Sun, Jul 13, 2014 at 10:13:10PM +0200, Martin Zobel-Helas wrote: > Furthermore, we will change the people.debian.org web-service such that > only HTTPS connections will be supported (unencrypted requests will be > redirected). Could you elaborate on why people.d.o will enforce https? If http connections are still allowed, this doesn't provide any protection from a MITM attack for most users; and the contents of people.d.o are not generally security sensitive. Is this part of a broader effort by DSA to increase use of https by default as a deterrent to large-scale traffic sniffing? Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
Attachment:
signature.asc
Description: Digital signature