launchpad-users team mailing list archive
Mailing list archive
Re: https ? why?
Karl Fogel wrote:
> Lukasz Szybalski <szybalski@xxxxxxxxx> writes:
>> Could you guys elaborate on why every page on launchpad.net is only
>> accessible via https?
> Security -- that is, protection from impersonation. We don't want to
> send passwords or user-specific cookies over plaintext http://, because
> that might make it possible for someone to impersonate a user, change
> that user's personal data, or view to data that only that user should
> have access to.
Agree. But, as another for instance, having download tarballs only
accessible via https makes it a bit harder for places where you're
grabbing those via wget or the like (you have to pass the