[Goodies-dev] Accounts for the new release manager

Brian J. Tarricone brian at tarricone.org
Wed Jul 22 19:50:18 CEST 2009


On 07/22/2009 03:50 AM, Enrico Tröger wrote:

> Additionally, the SSL certificate doesn't match the hostname. This is
> mostly just annoying and can be easily fixed by creating a proper
> certificate.

Well, that's potentially a problem.  I'm not sure if we have more than 
one IP address.  If not, all vhosts on mocha that need to use https will 
have to use the same cert.  In that case I'd probably generate a 
wildcard cert.

> Ideally, the created certificates are signed by some real
> CA like cacert.org who sign for free.

Last I checked you had to go through a retarded verification procedure 
before you can get a CAcert-signed cert.

> This way users only have to
> import the cacert.org root certificate and not to accept the
> self-signed certificate each time.

There's no need to accept it each time.  You just add an exception, like 
you have to do with the countless other OSS-related https sites that 
have a self-signed cert.

> And I assume most users don't even
> check the certificate at all, they just accept it. Also because there
> seems to be no easy way to check the fingerprints. So most of the
> whole idea of SSL encryption is lost by this fact.

Not really.  For me, the most important part of SSL for non-critical 
services (where critical would be financial stuff, banking, etc.) is the 
encryption.

	-brian
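
Added example, not part of the original message: a Python sketch of which vhost names a single wildcard certificate would cover if every https vhost on one IP has to share it. Matching follows the usual RFC 6125 wildcard conventions; the example.org host names are constructed placeholders, and rejecting names like "*.org" is a conservative choice made for this example.

```python
# Which vhost names can share one wildcard certificate?
# Rules applied: "*" must be the entire left-most label and stands for
# exactly one label, so "*.example.org" covers neither "example.org"
# nor "a.b.example.org".

def _labels(name):
    return name.lower().rstrip(".").split(".")

def name_matches(cert_name, hostname):
    """Return True if a certificate name (possibly wildcard) covers hostname."""
    pat, host = _labels(cert_name), _labels(hostname)
    if len(pat) != len(host):
        return False            # a wildcard never spans zero or several labels
    if pat[0] == "*":
        # Conservative choice in this example: need two fixed labels after "*",
        # and no further "*" anywhere else in the name.
        if len(pat) < 3 or "*" in "".join(pat[1:]):
            return False
        return host[0] != "" and pat[1:] == host[1:]
    if "*" in cert_name:
        return False            # partial wildcards such as "w*.example.org"
    return pat == host

def uncovered(vhosts, cert_names):
    """Vhost names that none of the certificate's names cover."""
    return [h for h in vhosts
            if not any(name_matches(c, h) for c in cert_names)]

# Constructed vhost list for one shared IP (placeholder domain).
VHOSTS = ["www.example.org", "bugs.example.org",
          "example.org", "svn.dev.example.org"]

if __name__ == "__main__":
    # A lone wildcard misses the bare domain and the deeper subdomain.
    print(uncovered(VHOSTS, ["*.example.org"]))
    # Extra names on the same certificate close the gap.
    print(uncovered(VHOSTS, ["*.example.org", "example.org",
                             "*.dev.example.org"]))
```

Any name returned by `uncovered` would still trigger a hostname-mismatch warning and needs its own entry on the shared certificate.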


