Karl Fogel wrote: > Lukasz Szybalski <szybalski@xxxxxxxxx> writes: >> Hello, >> Could you guys elaborate on why every page on launchpad.net is only >> accessible via https? > > Security -- that is, protection from impersonation. We don't want to > send passwords or user-specific cookies over plaintext http://, because > that might make it possible for someone to impersonate a user, change > that user's personal data, or view to data that only that user should > have access to. Agree. But, as another for instance, having download tarballs only accessible via https makes it a bit harder for places where you're grabbing those via wget or the like (you have to pass the ignore-invald-cert option) Monty
This is the launchpad-users mailing list archive — see also the general help for Launchpad.net mailing lists.
(Formatted by MHonArc.)