On 26 January 2014 16:54, Andrea Pescetti <pesce...@apache.org> wrote:
> On 23/01/2014 Roberto Galoppini wrote: > >> Time by time we receive end-users' requests asking why extensions. and >> templates. don't run under HTTPS. >> If we want to, SourceForge would be happy to install such certificates. >> Thoughts? >> > > It would make sense to have HTTPS on both those sites. > > Infra managed all of this internally so I don't know any details, but we > now have a certificate for *.openoffice.org that we are using on the wiki > and forum. Of course, the difference is that wiki/forum are hosted > internally, and I believe it's impossible, for security reasons, to make > that same certificate available for extensions and templates, which are > hosted externally. > > I suggest that we proceed as follows: if there is consensus that it is a > good feature to have HTTPS on Extensions and Templates, we will contact > Infra and ask what to do (maybe the project should create two separate > certificates covering only extensions.openoffice.org and > templates.openoffice.org and hand them over to SourceForge to apply them; > but honestly I don't know). > > Wearing my infra hat: *.openoffice.org can only be used for services located on apache hosts, we cannot give the certificate to e.g. sourceforge. However it would be possible to make a https: page under www.openoffice.org located on apache servers, that list extensions from e.g. sourceforge, meaning the extensions themself can be located outside apache (download will be http:// but lookup is https://). I hope this helps in the discussion. rgds jan I. Regards, > Andrea. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > >
