Hi, please forgive me if this isn't the right place to report the
following.
I was interested to see a list of talks that took place at DC14, so I
went to the DC14 website[1] and clicked 'Schedule'[2]. The resulting
page on a different sub-domain talks about DC14 in the wrong tense
("DebConf14 will be held…") and it seems I must "Register in Summit" to
get any further. Is it really expected for people to register to see a
list of talks for a conference in the past?
If I click around a bit further I can find links to the video streams
host[3] but this site is only showing the default nginx page and has no
onward links.
Sadly, I am currently without an index of talks with hyperlinks to
corresponding recordings where available. (I can get to the recordings
directly, mostly by remembering the address from prior debconfs, but
guessing the talk topic from the filenames is sub-optimal.)
Finally, a number of debconf.org-related websites are using HTTPS with
certs signed by "ca.debconf.org". I wasn't sure where to go to get the
CA certificate so I tried "ca.debconf.org" first.
After browsing around some more I find that I can get to the certificate
from the media[4] sub-site. On this page, all links to the SPI site
(e.g. "copy in SPI site") are broken. The text for the Debconf cert
reads "If you import the SPI certificate you do not need to also import
this, but you can." This is true, but it's also true that (with openssl
at least) you *MUST* import the SPI one - importing the debconf CA one
alone is not sufficient.
I think it wouldn't hurt to alias ca.debconf.org to media.debconf.org,
and it wouldn't hurt to add some instructions and/or links to aid people
with verifying and installing the certificates in their browsers. (I
realise this is probably handle by ca-certificates for those browsing
from a Debian system. For others, I recall that CACert have some pretty
good instructions.) Finally some kind of link on all https://* sites
using certs issued by the debconf CA with a link back to the CA would
make discovering the CA certificate a lot easier.
I'm pleased I could verify the CA certs via PGP, as I have a short trust
path to Joerg, but the key is 13 years old and 1024-bit DSA. It would be
great if someone could verify these with a more modern key, perhaps
Joerg himself with 4096R/B12525C4 (2009-05-10).
I realise that a lot of the UX pain with SSL certificates is out of
DebConf's influence to fix ☺
[1] http://debconf14.debconf.org/index.xhtml
[2] https://summit.debconf.org/debconf14/
[3] http://streams.video.debconf.org/
[4] http://media.debconf.org/
Thanks,
--
Jonathan Dowland
_______________________________________________
Debconf-team mailing list
Debconf-team@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-team
