On 2021-01-15 at 07:56 +0100, Stefan Claas via Gnupg-users wrote: > Don't you think when GitHub, a major player, would have an invalid > SSL cert, that maybe one of the millions programmers there would not > have contacted GitHub, like I did, and say hey GithHub you serve > the global community and visitors an invalid SSL certificate? I must > admit that I also do not understand what you mean with sus-sub > domains. My GitHub page is sac001.github.io and not foo.bar.github.io > or whatever.
By sub-sub-domains we are all talking about pages such as https://openpgpkey.sac001.github.io or https://helloworld.sac001.github.io Go there, click those links. You will see that -*after forcing your browser to ignore the invalid certificate*- there is a web page there returning a message of "Site not found", "404 There isn't a GitHub Pages site here". *I* don't know why they have such domains resolving. It may have been simpler to configure the dns server that way, or perhaps they just missed it. The funny think is, I don't think there's a way to create a page in helloworld.sac001.github.io or openpgpkey.sac001.github.io, so these sites are mostly useless (if not directly problematic such as in WKD case), and I guess that's why noone really bothered about the invalid certificate for them (which isn't easy to solve, either). I don't know what process you used to contact GitHub support, but the question to ask would be precisely this: > Why is there something on https://openpgpkey.sac001.github.io ? How > can I modify it? If there is not, could you make it not to resolve? The reasons why it is picked has been, I think, explained already many times in this thread. Best regards _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
