[fdo] bugs.freedesktop.org SSL certificate (was: HTML colouring in xedit)

Alan Coopersmith alan.coopersmith at oracle.com
Thu Jan 13 13:01:37 PST 2011 

On 01/13/11 04:29 AM, Krzysztof Żelechowski wrote:
> Dnia środa, 12 stycznia 2011 o 09:26:30 Alan Coopersmith napisał(a):
> 
>> On 01/11/11 11:19 AM, Krzysztof Żelechowski wrote:
>>> The manual page for *xedit* does not say how to switch syntax colouring off and the display for *HTML* is awful.  The font used for /code/ is smaller than the font used for /text/ , to the point of being unreadable, and using a variable-spaced font does not help either.  A partial workaround is to switch the editor to *SGML* mode.
>>>
>>> Please fix,
>>
>> The previous maintainer for xedit is no longer involved in X.Org,
>> and we were not aware anyone other than him actually used xedit.
>>
>> Please find a new editor or help find a new maintainer if you want
>> to see it fixed.
>>
>>
> 
> The problem with being a maintainer for anything related to the Free Desktop is the invalid security certificate for Bugzilla.
> <URL: http://lists.freedesktop.org/archives/xdg/2010-December/011735.html >

Seems like that's mainly a problem with you.   Hundreds of other people
manage to successfully get work done with that limitation.   In any case,
that problem has to be solved by the freedesktop folks (cc'ed) - as just
one of their hosted projects, we can't control it (though the X.Org
Foundation has an open offer to pay the cost of a certificate if the
freedesktop admins will obtain and install it, since the Firefox warning
is scary and confusing to inexperienced users, and is an obstacle to
them filing bug reports).

Alternative solutions include:

 - ignoring bugzilla, the only thing that uses SSL.   Most of the work of
   a maintainer involves ssh connections (git over ssh or posting new
   releases via scp to the download site).

 - using the e-mail interfaces to bugzilla when possible.

 - not worrying about bugzilla not being certified, since the only data
   being secured is your bugzilla password, which can be completely unique
   to that site so doesn't risk anything else.   For most users, there is
   no private data in bugzilla beyond your password.   (A few of us have
   access to the non-public security bugs before coordinated public
   disclosure, but you won't be one of those folks as a new maintainer.)

 - offering to help the freedesktop admins solve the problem instead of
   constantly harping on them about it.   As noted above, money for a
   certificate is not an issue - it's the work involved that needs to
   be handled.

-- 
	-Alan Coopersmith-        alan.coopersmith at oracle.com
	 Oracle Solaris Platform Engineering: X Window System

More information about the freedesktop mailing list