Re: transfering files between *.debian.org hosts
Wouter Verhelst <firstname.lastname@example.org> writes:
> (for some infathomable reason, the firefox developers consider Negotiate
> authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno
> why that is, and never saw a compelling argument...)
Well, having your browser spontaneously authenticate you to any system
keyed in your local realm or in a realm with which you have cross-realm
trust is something of a leak of personal information. I can see why they
wouldn't want that to happen silently on request.
I think the real solution would be to add a drop-down prompt similar to
the prompts for pop-up menus and the like for sites that are attempting
Negotiate-Auth, rather than just disabling it by default....
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>