[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: people.debian.org will move from ravel to paradis and become HTTPS only

Hi Martin,

On Sun, Jul 13, 2014 at 10:13:10PM +0200, Martin Zobel-Helas wrote:
> Furthermore, we will change the people.debian.org web-service such that
> only HTTPS connections will be supported (unencrypted requests will be
> redirected).

Could you elaborate on why people.d.o will enforce https?  If http
connections are still allowed, this doesn't provide any protection from a
MITM attack for most users; and the contents of people.d.o are not generally
security sensitive.  Is this part of a broader effort by DSA to increase use
of https by default as a deterrent to large-scale traffic sniffing?

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: