On Sat, Jul 05, 2014 at 08:54:55AM +0900, Joel Rees wrote:
And you know, the funny thing is that MSIE took to "warning" people
when there was a mix of encrypted and unencrypted data on a page. How
long ago? Yeah, I know, it was so they could display that red herring
of a lock for "secured pages".
You don't need a warning when you are looking at un-encrypted data.
You only need a warning if you are _sending_ un-encrypted data.
This kind of threat analysis is why so many of us are still skeptical of
the need for HTTPS package mirrors.
Mike Stone
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
https://lists.debian.org/[email protected]
