On Sat, Aug 06, 2011 at 11:10:48AM +0200, Pierre Schmitz wrote: > On Sat, 6 Aug 2011 02:29:13 +0200, Lukas Fleischer wrote: > > Agreed. I'm still against completely disabling HTTP. We will use HTTPs > > for all links by default so there shouldn't be any users unintentionally > > pasting HTTP links anywhere. Malicious links might still be an issue but > > observant users should be aware of that. And using secure cookies should > > fix that, anyway. > > I didn't tell to disable HTTP. Of course you add a redirect there and > you might even add the HSTS header. It's not only about links, also > people will just typoe in "aur.archlinux.org" into their browser bar and > that will open http by default.
Well, "Redirect all http traffic to https by default" sounded to me like disabling plain HTTP. Perhaps I took this too literally. > > Anyway, I see I am talking to walls here. Sometimes I wonder why there > is so much resistance against encryption. One would think it was the > other way round. Again, and I'm not going to repeat this... I am not against enabling encryption and I am not against making it the default. All I said is that we shouldn't turn down HTTP.
