On 2010-10-29 00:32 -0400 (43:5) Loui Chang wrote: > On Thu 28 Oct 2010 18:01 +0300, Ionuț Bîru wrote: > > On 10/28/2010 03:27 AM, Loui Chang wrote: > > >On Wed 27 Oct 2010 14:14 +0200, Pierre Schmitz wrote: > > >>On Wed, 27 Oct 2010 11:40:19 +0300, Ionuț Bîru<[email protected]> > > >>wrote: > > >>>As i said earlier in a reply to Loui, maybe we can do it > > >>>better.Having https only for login and then redirecting to http is > > >>>like not having it at all. > > >> > > >>Simply using https for all connections is the easiest and best solution > > >>imho. Everything in between is either insecure or inconvenient for the > > >>users. And I also don't see the need for it. Every sane http client > > >>should handle a http redirect and https. If it does not it's just a bug > > >>in the client. Of course it is unfortunate that this wasn't tested by > > >>the clyde author before. > > > > > >I would appreciate if you consult aur-dev before making changes to the > > >AUR. Can you please describe how you made this change, and how we can > > >enable normal http? > > > > seriously, why did you changed it back to http over https? > > > > in less than 1 day all aur helpers are working again and i don't see > > a reason to use http again. Really, what's the point? > > The AUR isn't yours alone to decide how everyone should use it. > That's one reason you should consult aur-dev before making such changes. > > SSL will still work. The point is to allow users to make the choice > whether or not they want to use ssl. > > That choice was impossible the way it was implemented.
I think it's great that the AUR uses HTTPS by default (I've given reasons for preferring HTTPS in general on the forum) but I also agree that users should be able to access the site via HTTP if they so choose.
