bugs.freedesktop.org SSL certificate (was: HTML colouring in xedit)

Krzysztof Żelechowski giecrilj at stegny.2a.pl
Fri Jan 14 09:45:06 PST 2011


On Thursday, 13 January 2011 at 22:01:37, Alan Coopersmith wrote:
> On 01/13/11 04:29 AM, Krzysztof Żelechowski wrote:
> > The problem with being a maintainer for anything related to the Free Desktop is the invalid security certificate for Bugzilla.
> > <URL: http://lists.freedesktop.org/archives/xdg/2010-December/011735.html >
> 
> Seems like that's mainly a problem with you.   Hundreds of other people
> manage to successfully get work done with that limitation.   In any case,
> that problem has to be solved by the freedesktop folks (cc'ed) - as just
> one of their hosted projects, we can't control it (though the X.Org
> Foundation has an open offer to pay the cost of a certificate if the
> freedesktop admins will obtain and install it, since the Firefox warning
> is scary and confusing to inexperienced users, and is an obstacle to
> them filing bug reports).

I hope I am the only one who bothered to use other communication channels to signal the problem, not the only one who can see the problem.
Note that there is no need to pay because a basic certificate is available for free.

> 
> Alternative solutions include:
> 
>  - ignoring bugzilla, the only thing that uses SSL.   Most of the work of
>    a maintainer involves ssh connections (git over ssh or posting new
>    releases via scp to the download site).

Confused.  The maintainer has to maintain bug reports, doesn’t she?

> 
>  - using the e-mail interfaces to bugzilla when possible.

Like xorg-bugzilla-noise?  The noise stopped in 2005.

> 
>  - not worrying about bugzilla not being certified, since the only data
>    being secured is your bugzilla password, which can be completely unique
>    to that site so doesn't risk anything else.   For most users, there is
>    no private data in bugzilla beyond your password.   (A few of us have
>    access to the non-public security bugs before coordinated public
>    disclosure, but you won't be one of those folks as a new maintainer.)

I would consider making an exception if the problem were hard to solve.  I still hope it will be solved soon for the benefit of all FreeDesktop users.  My goodness, it is not a corner case niche project used by several hobbyists, it is the core of contemporary free desktop environments!

> 
>  - offering to help the freedesktop admins solve the problem instead of
>    constantly harping on them about it.   As noted above, money for a
>    certificate is not an issue - it's the work involved that needs to
>    be handled.

I am willing to help but that is unfortunately not possible.  Getting a security certificate requires entering a legal agreement with the CA.  Even webmasters cannot do it on their own (unless authorized, of course).

Best regards,
Chris


