On Sat, Jul 05, 2014 at 08:54:55AM +0900, Joel Rees wrote:
And you know, the funny thing is that MSIE took to "warning" people
when there was a mix of encrypted and unencrypted data on a page. How
long ago? Yeah, I know, it was so they could display that red herring
of a lock for "secured pages".
You don't need a warning when you are looking at un-encrypted data.
You only need a warning if you are _sending_ un-encrypted data.
This kind of threat analysis is why so many of us are still skeptical of
the need for HTTPS package mirrors.
Mike Stone
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/37d34a1a-057d-11e4-bb7f-00163eeb5...@msgid.mathom.us