1 |
On Tue, 08 Mar 2011 16:41:08 +0200 |
2 |
Antoni Grzymała <awaria@××××××××××.pl> wrote: |
3 |
|
4 |
> On Tue, 8 Mar 2011 15:26:34 +0100, Michał Górny wrote: |
5 |
> > On Mon, 07 Mar 2011 15:06:25 -0500 |
6 |
> > Olivier Crête <tester@g.o> wrote: |
7 |
> > |
8 |
> >> On Mon, 2011-03-07 at 20:47 +0100, Michał Górny wrote: |
9 |
> >> > Why does everyone assume it needs to be enforced? If user is |
10 |
> >> > interested in protecting his/her data, he/she can simply use |
11 |
> >> > https://. If he/she is not, there is no real reason to enforce |
12 |
> >> > slower (and not always supported) SSL. |
13 |
> >> |
14 |
> >> Maybe it's not to protect the user, but to protect the Gentoo |
15 |
> >> infrastructure.. And really, SSL has been supported by every |
16 |
> >> browser for the last 15 years. And it is not in any way slow or |
17 |
> >> slower than non-SSL. |
18 |
> > |
19 |
> > If you really think you need to force all users to use SSL, thus |
20 |
> > assuming they're unable to make their own decisions, why don't you |
21 |
> > restrict bugzie access completely? |
22 |
> |
23 |
> You don't seem to (or pretend not to) understand that using SSL |
24 |
> protects not *the user* (in which case, yes, a user is free to leave |
25 |
> the door to *his own* house wide open), but the Gentoo infrastructure |
26 |
> that is far from his own and that all of us are using. |
27 |
|
28 |
Please explain to me how not using SSL for a particular bugzie user is |
29 |
going to hurt Gentoo infra. Even if we're talking about a dev, |
30 |
and we're really assuming a dev is completely unaware of security |
31 |
issues he/she's dealing with, I'd say power outage could cause more |
32 |
damage. |
33 |
|
34 |
> Besides, complaining about SSL being slow is absurd considering how |
35 |
> mildly interactive and how low-traffic a typical bugzilla session is. |
36 |
> You could do just fine over a 9600 bps modem. |
37 |
|
38 |
It is more absurd to waste 5 minutes trying to establish login session |
39 |
due to packet loss. |
40 |
|
41 |
-- |
42 |
Best regards, |
43 |
Michał Górny |