[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: people.debian.org will move from ravel to paradis and become HTTPS only



Op zondag 13 juli 2014 22:13:10 schreef Martin Zobel-Helas:
> Furthermore, we will change the people.debian.org web-service such that
> only HTTPS connections will be supported (unencrypted requests will be
> redirected).

Why?

Please note that there remain cases where accessing HTTPS is difficult
or impossible. One of these (but by no means the only one) is the
current release of debian-installer: the wget implementation inside
stable d-i does not support https, so downloading files from people.d.o
(e.g., for preseeding) will become impossible if this is implemented as
stated.

Is there an actual attack vector that we're trying to protect against
which requires us to disable plain HTTP, or is this just yet another
instance of the bogus "HTTP is obsolete" idea?

-- 
It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: