[prev in list] [next in list] [prev in thread] [next in thread]
List: freedesktop-xorg
Subject: Re: bugs.freedesktop.org SSL certificate (was: HTML colouring in
From: Krzysztof =?utf-8?q?=C5=BBelechowski?= <giecrilj () stegny ! 2a ! pl>
Date: 2011-01-14 17:45:06
Message-ID: 201101141845.06867.giecrilj () stegny ! 2a ! pl
[Download RAW message or body]
Dnia czwartek, 13 stycznia 2011 o 22:01:37 Alan Coopersmith napisał(a):
> On 01/13/11 04:29 AM, Krzysztof Żelechowski wrote:
> > The problem with being a maintainer for anything related to the Free Desktop is \
> > the invalid security certificate for Bugzilla. <URL: \
> > http://lists.freedesktop.org/archives/xdg/2010-December/011735.html >
>
> Seems like that's mainly a problem with you. Hundreds of other people
> manage to successfully get work done with that limitation. In any case,
> that problem has to be solved by the freedesktop folks (cc'ed) - as just
> one of their hosted projects, we can't control it (though the X.Org
> Foundation has an open offer to pay the cost of a certificate if the
> freedesktop admins will obtain and install it, since the Firefox warning
> is scary and confusing to inexperienced users, and is an obstacle to
> them filing bug reports).
I hope I am the only one who bothered to use other communication channels to signal \
the problem, not the only one who can see the problem. Note that there is no need to \
pay because a basic certificate is available for free.
>
> Alternative solutions include:
>
> - ignoring bugzilla, the only thing that uses SSL. Most of the work of
> a maintainer involves ssh connections (git over ssh or posting new
> releases via scp to the download site).
Confused. The maintainer has to maintain to bug reports, doesn't she?
>
> - using the e-mail interfaces to bugzilla when possible.
Like xorg-bugzilla-noise? The noise stopped in 2005.
>
> - not worrying about bugzilla not being certified, since the only data
> being secured is your bugzilla password, which can be completely unique
> to that site so doesn't risk anything else. For most users, there is
> no private data in bugzilla beyond your password. (A few of us have
> access to the non-public security bugs before coordinated public
> disclosure, but you won't be one of those folks as a new maintainer.)
I would consider making an exception if the problem were hard to solve. I still hope \
it will be solved soon for the benefit of all FreeDesktop users. My goodness, it is \
not a corner case niche project used by several hobbyists, it is the core of \
contemporary free desktop environments!
>
> - offering to help the freedesktop admins solve the problem instead of
> constantly harping on them about it. As noted above, money for a
> certificate is not an issue - it's the work involved that needs to
> be handled.
I am willing to help but that is unfortunately not possible. Getting a security \
certificate requires entering a legal agreement with the CA. Even webmasters cannot \
do it on their own (unless authorized, of course).
Best regards,
Chris
_______________________________________________
xorg@lists.freedesktop.org: X.Org support
Archives: http://lists.freedesktop.org/archives/xorg
Info: http://lists.freedesktop.org/mailman/listinfo/xorg
Your subscription address: freedesktop-xorg@progressive-comp.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic