Mailinglist Archive: opensuse (1355 mails)

< Previous Next >
Re: [opensuse] Re: opensuse mailing list site ridiculousness
On 2018-06-17 06:45, L A Walsh wrote:
Knurpht@openSUSE wrote:


The fact that browsers have developed new features that make me aware,
f.e. that some https page redirects me to an http page? That all up to
date browsers warn my dad for not trusting an http site. I'll thank
all involved for making stuff like that.
---
    I've not encountered any such broken browsers -- vs. if you send
DATA to them (i.e. submit text to them), then I've seen warnings that your
text is not encrypted.  That's very different from pure "browsing".

This feature exists, somewhere I've seen it. You are browsing https, get
http instead, warn.

    I've also seen many sites that use https for passwords but http
for non sensitive data.

Yes, many, but fewer now.


I don't see this as google kissing. AFAICT Google was just an example.
---
    But it is google kissing.  Google has been the one pushing for
it -- but it's not needed for most things.  They want it to make sure
their ads get through/can't be filtered except, maybe, at the browser --
which they also control if you use chrome.

That may be their real reason, yes.

...

    Thank-you google for making the need for decryption a standard
such that even I go through the trouble so I can continue to cache
traffic.

Ah, caches stop working. Good point.


    So people can give excuses like google...but they will never
stop indexing -- it would go against what they do.

They get lower priority.


BTW, if you want proof, I looked up words:
atkmm1_6-doc-2.24.2-2.1.noarch.rpm 08-Mar-2018 542K

It picked up this unencrypted website:
"http://www.nic.funet.fi/index/opensuse/tumbleweed/repo/oss/noarch/";

It's not the only one.

Well, Per said he would propose having both versions.


You may think I'm talking "off topic"...but I'm not.  There's
no reason for such security on a public web-copy of a email list,
nor a distro-download site (that does have other methods of
guaranteeing integrity).

There was talk about making the main opensuse download site encrypted
(before google got interested), but only to ensure that some of the
requests that are not protected by PGP get the site default instead. The
metadata that tells us what to download. And no spoofing.

--
Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)

< Previous Next >
Follow Ups