Am 01/26/2014 06:27 PM, schrieb jan i:
On 26 January 2014 16:54, Andrea Pescetti<pesce...@apache.org> wrote:
On 23/01/2014 Roberto Galoppini wrote:
Time by time we receive end-users' requests asking why extensions. and
templates. don't run under HTTPS.
If we want to, SourceForge would be happy to install such certificates.
Thoughts?
It would make sense to have HTTPS on both those sites.
Infra managed all of this internally so I don't know any details, but we
now have a certificate for *.openoffice.org that we are using on the wiki
and forum. Of course, the difference is that wiki/forum are hosted
internally, and I believe it's impossible, for security reasons, to make
that same certificate available for extensions and templates, which are
hosted externally.
I suggest that we proceed as follows: if there is consensus that it is a
good feature to have HTTPS on Extensions and Templates, we will contact
Infra and ask what to do (maybe the project should create two separate
certificates covering only extensions.openoffice.org and
templates.openoffice.org and hand them over to SourceForge to apply them;
but honestly I don't know).
Wearing my infra hat:
*.openoffice.org can only be used for services located on apache hosts, we
cannot give the certificate to e.g. sourceforge. However it would be
possible to make a https: page under www.openoffice.org located on apache
servers, that list extensions from e.g. sourceforge, meaning the extensions
themself can be located outside apache (download will be http:// but lookup
is https://).
When you click on the link to download the extension/template, wouldn't
this force a message in the browser like "You are requesting possibly
unsecure data from a secure webpage? Do you really want to go on?"
If so, I don't think that this would be helpful.
Marcus
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
