launchpad-users team mailing list archive

Thread
Date

Re: https ? why?

To: Karl Fogel <karl.fogel@xxxxxxxxxxxxx>
From: Monty Taylor <monty@xxxxxxxxxxxx>
Date: Tue, 14 Apr 2009 13:39:33 -0700
Cc: launchpad-users <launchpad-users@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <87hc0r3t5d.fsf@canonical.com>
User-agent: Thunderbird 2.0.0.21 (X11/20090319)

Karl Fogel wrote:
> Lukasz Szybalski <szybalski@xxxxxxxxx> writes:
>> Hello,
>> Could you guys elaborate on why every page on launchpad.net is only
>> accessible via https?
> 
> Security -- that is, protection from impersonation.  We don't want to
> send passwords or user-specific cookies over plaintext http://, because
> that might make it possible for someone to impersonate a user, change
> that user's personal data, or view to data that only that user should
> have access to.

Agree. But, as another for instance, having download tarballs only
accessible via https makes it a bit harder for places where you're
grabbing those via wget or the like (you have to pass the
ignore-invald-cert option)

Monty

Follow ups

Re: https ? why?
From: Gavin Panella, 2009-04-14
Re: https ? why?
From: Christian Robottom Reis, 2009-04-14
Re: https ? why?
From: Karl Fogel, 2009-04-14

References

https ? why?
From: Lukasz Szybalski, 2009-04-14
Re: https ? why?
From: Karl Fogel, 2009-04-14