Op zondag 13 juli 2014 22:13:10 schreef Martin Zobel-Helas: > Furthermore, we will change the people.debian.org web-service such that > only HTTPS connections will be supported (unencrypted requests will be > redirected). Why? Please note that there remain cases where accessing HTTPS is difficult or impossible. One of these (but by no means the only one) is the current release of debian-installer: the wget implementation inside stable d-i does not support https, so downloading files from people.d.o (e.g., for preseeding) will become impossible if this is implemented as stated. Is there an actual attack vector that we're trying to protect against which requires us to disable plain HTTP, or is this just yet another instance of the bogus "HTTP is obsolete" idea? -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
Description: This is a digitally signed message part.