On 03/04/2012 12:22 PM, Christian Hesse wrote: > Hello everybody, > > (As I am not allowed to post to arch-dev-public resending it here.) > > ok, not really related to the keyring package, but it came to my mind when > installing it and while signing the key: > > I think it makes sense to not allow pages related to package signing being > delivered via http. Instead automatically redirect to https to avoid man in > the middle attacks. First site that comes to my mind: > https://www.archlinux.org/master-keys/ open a feature request and tag it with {archweb} -- Ionuț
Attachment:
signature.asc
Description: OpenPGP digital signature
