On 5 June 2013 00:05, Rob Weir <robw...@apache.org> wrote: > On Tue, Jun 4, 2013 at 5:59 PM, janI <j...@apache.org> wrote: > > On 4 June 2013 22:36, Andrea Pescetti <pesce...@apache.org> wrote: > > > >> On 03/06/2013 Rob Weir wrote: > >> > >>> I think the concern is this: > >>> 1) We want SSL for 4.0.http://update.openoffice.**org< > http://update.openoffice.org> is not HTTPS. > >>> > >>> 2) The URL https://ooo-site.openoffice.**apache.org< > https://ooo-site.openoffice.apache.org> supports SSL, but is > >>> not considered "long term stable". The URL is an artifact of the CMS > >>> 3) We're looking for a stable URL. One could be > >>> https://updates.openoffice.org**, but that requires an SSL cert for > >>> *.openoffice.org. But will that be supported in time for the AOO 4.0 > >>> release? > >>> 4) Backup plan is updates.openoffice.apache.org, which could be > >>> supported via SSL today, using the *.apache.org cert. If we do that > >>> we'd want to map that to its own CMS dir in SVN. so it can be updated > >>> and published via the CMS. > >>> > >> > >> This is mostly correct, except the fact (in #2 and #4) that the current > >> certificates only support x.apache.org and not x.y.apache.org: so > >> https://ooo-site.apache.org is what is in the sources right now (well, > >> the last time I checked) and https://openoffice-updates.**apache.org< > https://openoffice-updates.apache.org>(or something like that) should be > used for the backup plan in #4. > >> > > > > Hi > > > > I am confused, it seem we nearly all agree on > > https://updates.openoffice.orgbut not on the directory. > > > > The order for the cert is being processed, when the cert arrives it needs > > to be implemented on erebus-sll (our https: proxy), and we (infra) need > to > > do some updates on the aoo servers. > > > > In order to do this work, I need: > > > > 1) which url (e.g. https://updates.openoffice.org) > > 2) should relate to which directory in svn. > > > > The last mails contains different proposal ranging from dont do it for > 4.0 > > to different dirs, that is something I cannot implement. > > > > We can also decide to forget it for https:updates.*, but I need a single > > decision to be able to implement it. > > > > Is the cert already here? Or do we have a few weeks to decide? I'd > say, don't let this decision get in the way of deploying the cert and > enabling it for the website, wikis, forums, etc. The update site > doesn't need to be enabled until shortly before AOO 4.0 is released. > We have been promised a free cert, I just checked it is not yet in our hands.
Wiki and other services with login, will be changed to https: to adhere to asf/infra policy. This will be done on infra initative, and the actual setup will be like other servers in asf. update.o.o can come later, but it will definitively save work if we do it as one task. Of course if the decision is to postpone after 4.0, it will be 2 tasks. > > And depending on when the cert arrives, we might not use it at all for > 4.0 updates. If it comes too late we'll just use an apache.org > address. So we're really waiting for Infra on this, not the other > way around. We need an estimate for when the cert will be purchased > so we can decide whether or not it will be used for 4.0 updates. > As I understand it from the code, the end-user never sees this url, so why not stick with apache.org ? rgds jan I. > > -Rob > > > > rgds > > jan I. > > > >> > >> Regards, > >> Andrea. > >> > >> > >> > ------------------------------**------------------------------**--------- > >> To unsubscribe, e-mail: dev-unsubscribe@openoffice.**apache.org< > dev-unsubscr...@openoffice.apache.org> > >> For additional commands, e-mail: dev-h...@openoffice.apache.org > >> > >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > >
