On 07/20/2017 12:38 PM, Rasmus Lerdorf wrote:
> On Thu, Jul 20, 2017 at 1:42 AM, Niklas Keller <m...@kelunik.com> wrote:
>> They can also just request them themselves, but only for their mirror
>> domain. If you allow them to issue for www.php.net, you can as well just
>> put the current private key there.
>>
> I think there is a big difference between putting the private key there and
> proxying validation for just a www.php.net CN alias. We already have a list
> of known mirrors, so we would make sure to only validate www.php.net for
> those. By validating www.php.net we allow any mirror to pretend they are
> www.php.net and no other *.php.net domain, which is exactly what we want.
>
> -Rasmus

I figure this is a long-shot, but Platform.sh hosts a number of community sites for free. (We recently became the home of https://externals.io/, for example.) We have multiple data centers and SSL-all-the-things using Let's Encrypt.

We'd be happy to help on the hosting side of the equation for any *.php.net sites if there's interest, either full or partial. We also offer PHP 7.1 and will have the just-released 7.2 beta up shortly. :-)

(We have no opinion on the code side; we're just happy to help on the infrastructure side.)

--Larry Garfield

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php