gforge ----- Forwarded message from Roland Mas <[EMAIL PROTECTED]> -----
The gforge-web-apache2 package in sid and lenny sets up the website with a dummy certificate if none is found existing. Users are then encouraged to replace it with a "real" one. The dummy certificate in question is the Snake Oil one, so it should already be known as a weak one (even without the SSL bug), but I guess at least some users accept it without a second thought. It would probably make sense to set up another certificate on new installs, but I'm not sure whether to replace old Snake Oil ones. ----- End forwarded message ----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
