[Goodies-dev] Accounts for the new release manager

Jannis Pohlmann jannis at xfce.org
Wed Jul 22 14:26:28 CEST 2009

On Wed, 22 Jul 2009 12:50:22 +0200
Enrico Tröger <enrico.troeger at uvena.de> wrote:

> On Wed, 22 Jul 2009 12:42:41 +0200, Nick wrote:
> >Another point. Can we change passwords? Looked at the code and it
> >seems the config file contains hard-coded sha1 hashes right? Maybe it
> >can use the mocha passwords, the ones we can modify at
> >https://xfce.org/.
> +1.
> It's annoying to have separate passwords for each service :(.

It's not too difficult to make moka read the passwords from that https
auth file. But AFAIK we'll use SSH for the git accounts, so that will
change once again anyway. 

> Additionally, the SSL certificate doesn't match the hostname. This is
> mostly just annoying and can be easily fixed by creating a proper
> certificate. Ideally, the created certificates are signed by some real
> CA like cacert.org who sign for free. This way users only have to
> import the cacert.org root certificate and not to accept the
> self-signed certificate each time. And I assume most users don't even
> check the certificate at all, they just accept it. Also because there
> seems to be no easy way to check the fingerprints. So the most of the
> whole idea of SSL encryption is lost by this fact.

Auke, any idea?

  - Jannis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://mail.xfce.org/pipermail/xfce4-dev/attachments/20090722/e8eaa3d1/attachment.pgp>

More information about the Xfce4-dev mailing list