← Back to team overview

launchpad-users team mailing list archive

Re: https ? why?


Karl Fogel wrote:
> Lukasz Szybalski <szybalski@xxxxxxxxx> writes:
>> Hello,
>> Could you guys elaborate on why every page on launchpad.net is only
>> accessible via https?
> Security -- that is, protection from impersonation.  We don't want to
> send passwords or user-specific cookies over plaintext http://, because
> that might make it possible for someone to impersonate a user, change
> that user's personal data, or view to data that only that user should
> have access to.

Agree. But, as another for instance, having download tarballs only
accessible via https makes it a bit harder for places where you're
grabbing those via wget or the like (you have to pass the
ignore-invald-cert option)


Follow ups