[Goodies-dev] Accounts for the new release manager

Enrico Tröger enrico.troeger at uvena.de
Wed Jul 22 12:50:22 CEST 2009


On Wed, 22 Jul 2009 12:42:41 +0200, Nick wrote:

>Another point. Can we change passwords? Looked at the code and it
>seems the config file contains hard-coded sha1 hashes right? Maybe it
>can use the mocha passwords, the ones we can modify at
>https://xfce.org/.

+1.

It's annoying to have separate passwords for each service :(.

Additionally, the SSL certificate doesn't match the hostname. This is
mostly just annoying and can be easily fixed by creating a proper
certificate. Ideally, the created certificates are signed by some real
CA like cacert.org who sign for free. This way users only have to
import the cacert.org root certificate and not to accept the
self-signed certificate each time. And I assume most users don't even
check the certificate at all, they just accept it. Also because there
seems to be no easy way to check the fingerprints. So the most of the
whole idea of SSL encryption is lost by this fact.


Regards,
Enrico

-- 
Get my GPG key from http://www.uvena.de/pub.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://mail.xfce.org/pipermail/xfce4-dev/attachments/20090722/96f156fe/attachment.pgp>


More information about the Xfce4-dev mailing list