[Goodies-dev] Accounts for the new release manager
Jannis Pohlmann
jannis at xfce.org
Wed Jul 22 14:26:28 CEST 2009
On Wed, 22 Jul 2009 12:50:22 +0200
Enrico Tröger <enrico.troeger at uvena.de> wrote:
> On Wed, 22 Jul 2009 12:42:41 +0200, Nick wrote:
>
> >Another point. Can we change passwords? Looked at the code and it
> >seems the config file contains hard-coded sha1 hashes right? Maybe it
> >can use the mocha passwords, the ones we can modify at
> >https://xfce.org/.
>
> +1.
>
> It's annoying to have separate passwords for each service :(.
It's not too difficult to make moka read the passwords from that https
auth file. But AFAIK we'll use SSH for the git accounts, so that will
change once again anyway.
> Additionally, the SSL certificate doesn't match the hostname. This is
> mostly just annoying and can be easily fixed by creating a proper
> certificate. Ideally, the created certificates are signed by some real
> CA like cacert.org who sign for free. This way users only have to
> import the cacert.org root certificate and not to accept the
> self-signed certificate each time. And I assume most users don't even
> check the certificate at all, they just accept it. Also because there
> seems to be no easy way to check the fingerprints. So the most of the
> whole idea of SSL encryption is lost by this fact.
Auke, any idea?
- Jannis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://mail.xfce.org/pipermail/xfce4-dev/attachments/20090722/e8eaa3d1/attachment.pgp>
More information about the Xfce4-dev
mailing list