On 03/09/11 14:55, Gordon JC Pearce wrote:
On Sat, 3 Sep 2011 01:18:58 -0300
rafael ff1<[email protected]> wrote:
's' stands for Secure. Maybe security is a good reason.
Oh, okay, so you put an "S" in and it waves the magic "secure" stick. Very
good.
What happens if you're using a password you don't care about for AUR?
If you are using such password then you are putting AUR at risk because
if your password can be easily cracked there is a possibility that an
attacker would be able to compromise the whole AUR service using your
account (see recent news about kernel.org [1] [2] ) and that will not be
good at all. So please use reasonably strong password even if you don't
care about AUR yourself...
(HTTPS means HTTP over SSL, so it encrypts your COMMUNICATION - it will
not make your AUR password any more hack-proof if your password is weak)
Is there any particular problem why you can't/don't want to use HTTPS?
If yes, we may be able to help you...
[1] - http://kernel.org <http://kernel.org/>
[2] - http://pastebin.com/BKcmMd47
