It would useful to have HTTPS because of the wide spread mass surveillance https://en.wikipedia.org/wiki/2013_mass_surveillance_disclosures#.22Mastering_the_Internet.22 https://en.wikipedia.org/wiki/Bullrun_%28code_name%29
> ** Tue, 01 Oct 2013 14:26:53 +0200 - 725...@bugs.debian.org, "Gerfried Fuchs" > <rho...@deb.at> ** > > HTTPS makes MiTM attacks harder. There is important information > on www.debian.org which should be protected against modification. > For example GPG fingerprints: http://www.debian.org/CD/verify > > Of course GPG keys should be checked using Web of Trust, but > HTTPS could be the first layer of protection. From the user > point of view it's automatic and transparent. > > keyring.debian.org doesn't support HTTPS ... > > > > ** Tue, 1 Oct 2013 13:59:28 +0200 - 725...@bugs.debian.org, "Gerfried > > Fuchs" <rho...@deb.at> ** > > > > * milan.kral <milan.k...@azet.sk> [2013-10-01 13:34:05 CEST]: > > > www.debian.org is important main Debian web page, but it doesn't > > > support https. Could it be possible to enable HTTPS? For example > > > lists.debian.org, wiki.debian.org support HTTPS. > > > > Because on lists.debian.org you have subscribe information, handing > > over email addresses that you might not want to get eavesdropped, and on > > wiki you have login information that you clearly don't want to have go > > unencrypted over the wire. > > > > What information you consider exchanging with www.debian.org that you > > consider sensitive and needing https? "Because we can" doesn't sound > > very convincing to me. :) > > > > Enjoy! > > Rhonda > > -- > > Fühlst du dich mutlos, fass endlich Mut, los | > > Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden > > Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang > > Fühlst du dich haltlos, such Halt und lass los | -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
