Xfce sub-domains get ssl certificates
pasi at shimmerproject.org
Sat Mar 26 10:33:02 CET 2011
On 03/26/2011 10:42 AM, Jean-François Wauthy wrote:
> Le samedi 26 mars 2011 à 02:32 +0200, Pasi Lallinaho a écrit :
>> On 03/26/2011 12:53 AM, Nick Schermer wrote:
>>> A number of Xfce sub-domains where users login and send data will get
>>> ssl certificates and https-only access. As a start bugzilla.xfce.org
>>> is https only. Translations, wiki and forum will follow. I'm not sure
>>> the last two should be https-only but I guess it won't hurt, unless
>>> someone complains (?).
>>> Xfce4-dev mailing list
>>> Xfce4-dev at xfce.org
>> I think it's okay as long as the certificate is by a trusted issuer and
>> you don't specifically need to "allow and untrusted connection". If you
>> do need to do that, then it's ridiculous and you should allow normal
>> HTTP access immediately.
> They will be issued by a 'trusted' CA. But using self-signed
> certificates or using your own CA (not trusted by your browser by
> default) is not ridiculous because it provides encryption of your
> connection that you can't have with HTTP.
> Self-signed certificates are useful when you don't want to waste money
> on certs and to still provide an acceptable level of privacy for
> communications with your website.
I don't think that a forum (or wiki) is something that needs to be
secured by any means, though. Throwing too much burden (yes, many are so
impatient than a few clicks is too much) on the shoulders of users
before they can even get to the site renders them angry ;) Also, some
really are very paranoid and panic right away when they see the words
> Xfce4-dev mailing list
> Xfce4-dev at xfce.org
Pasi Lallinaho » http://open.knome.fi/
Leader of the Shimmer Project » http://shimmerproject.org/
Webdesigner, graphic artist, Ubuntu member » IRC: knome @ freenode
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Xfce4-dev