From: "Olivier Crête" <tester@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Bugzilla 4 migration
Date: Mon, 07 Mar 2011 15:06:25 -0500 [thread overview]
Message-ID: <1299528385.26337.22.camel@TesterTop4> (raw)
In-Reply-To: <20110307204708.5da83080@pomiocik.lan>
[-- Attachment #1: Type: text/plain, Size: 1206 bytes --]
On Mon, 2011-03-07 at 20:47 +0100, Michał Górny wrote:
> On Mon, 7 Mar 2011 15:48:19 +0100
> Tobias Klausmann <klausman@gentoo.org> wrote:
>
> > On Mon, 07 Mar 2011, Mike Frysinger wrote:
> > > >> If *anybody* can't use SSL for any reason please yell so that we
> > > >> can decide if we leave it as it is (plain + encrypted) or not.
> > > >
> > > > Is there any *real* reason to force SSL? It is *hell* slow.
> > >
> > > it should of course be force for logging in
> >
> > If it is enforced for login, it should be enforced for logged
> > in sessions, cf. Cookie stealing (for a POC: Firesheep). And no,
> > restricting the login cookie to an IP is *not* "safe enough".
>
> Why does everyone assume it needs to be enforced? If user is interested
> in protecting his/her data, he/she can simply use https://. If he/she
> is not, there is no real reason to enforce slower (and not always
> supported) SSL.
Maybe it's not to protect the user, but to protect the Gentoo
infrastructure.. And really, SSL has been supported by every browser for
the last 15 years. And it is not in any way slow or slower than non-SSL.
--
Olivier Crête
tester@gentoo.org
Gentoo Developer
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next prev parent reply other threads:[~2011-03-07 20:07 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-06 22:55 [gentoo-dev] Bugzilla 4 migration Christian Ruppert
[not found] ` <4D742033.5030609@gentoo.org>
2011-03-07 1:49 ` Christian Ruppert
2011-03-07 9:12 ` Michał Górny
2011-03-07 9:24 ` Dirkjan Ochtman
2011-03-07 9:30 ` Michał Górny
2011-03-07 9:25 ` Mike Frysinger
2011-03-07 14:48 ` Tobias Klausmann
2011-03-07 14:50 ` Dane Smith
2011-03-07 15:00 ` Mike Frysinger
2011-03-07 19:47 ` Michał Górny
2011-03-07 20:03 ` Christian Ruppert
2011-03-07 20:06 ` Olivier Crête [this message]
2011-03-07 21:32 ` Fabian Groffen
2011-03-07 21:52 ` Rich Freeman
2011-03-07 21:59 ` Fabian Groffen
2011-03-07 22:23 ` Mike Frysinger
2011-03-07 22:25 ` Mike Frysinger
2011-03-08 8:08 ` Fabian Groffen
2011-03-08 14:26 ` Michał Górny
2011-03-08 14:41 ` Antoni Grzymała
2011-03-08 14:53 ` Michał Górny
2011-03-08 15:06 ` Nathan Phillip Brink
2011-03-07 9:33 ` Robin H. Johnson
2011-03-07 9:51 ` Robin H. Johnson
2011-03-07 10:09 ` justin
2011-03-07 11:30 ` Jorge Manuel B. S. Vicetto
2011-03-07 14:13 ` Donnie Berkholz
2011-03-07 15:35 ` Dirkjan Ochtman
2011-03-07 15:47 ` Donnie Berkholz
2011-03-08 6:50 ` Hans de Graaff
2011-03-08 14:06 ` Donnie Berkholz
2011-03-07 12:20 ` Markos Chandras
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1299528385.26337.22.camel@TesterTop4 \
--to=tester@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox