On Fri, Jul 25, 2008 at 01:35:37PM +0200, Andreas Bauer wrote:
Neither build.opensuse.org nor api.opensuse.org ever get in touch with the password, it is handled by the ichain proxy. This means even if some evil person manages to infect the api/build source or the api/build server gets hacked, no passwords can be sniffed/retrieved.
Exactly. And that doesn't depend on from where the client loads the form from. Neither does it matter. I find it also very inconvenient on the wiki that the link is far away (and actually named "Create or ..."), but of course the most annoying fact is that the extra request take AGES. Peter -- Contact: admin@opensuse.org (a.k.a. ftpadmin@suse.com) #opensuse-mirrors on freenode.net Info: http://en.opensuse.org/Mirror_Infrastructure SUSE LINUX Products GmbH Research & Development