[Qgis-psc] SSL for QGIS

Tim Sutton tim at linfiniti.com
Sun Feb 24 11:43:48 PST 2013 

Could someone help with this?

Thanks

Tim

---------- Forwarded message ----------
From: Tim Sutton <lists at linfiniti.com>
To: "tech at wildintellect.com" <tech at wildintellect.com>
Cc: "System Administration Committee Discussion/OSGeo" <sac at lists.osgeo.org>,
Martin Spott <Martin.Spott at mgras.net>, qgis-developer <
qgis-developer at lists.osgeo.org>, qgis-psc <qgis-psc at lists.osgeo.org>
Date: Sun, 24 Feb 2013 21:01:33 +0200
Subject: Re: [Qgis-developer] [SAC] Unencrypted login to QGIS hub.qgis.org !
HI

On Sun, Feb 24, 2013 at 8:19 PM, Alex Mandel <tech_dev at wildintellect.com>
wrote:
> On 02/24/2013 03:31 AM, Martin Spott wrote:
>> Hi,
>> I planned to report a bug concerning building QGIS trunk on my (my
>> wife's) PeeCee at home and while loggin into "hub.qgis.org/login" I
>> noticed that this site:
>>
>> a) Apparently authenticates against OSGeo LDAP, but
>> b) is not capable of properly retrieving the real name and EMail
>>    address from OSGeo LDAP,
>> c) does *not* enforce HTTP SSL encryption at login and, moreover
>> d) does not even *permit* HTTP SSL encryption at login.
>>
>> While b) just lets you *look* bad, c) is very bad style and d) is very
>> bad overall, because you're compromising OSGeo passwords.  Please
>> *always* add proper encryption whenever authentication is affected.
>>
>> Thanks,
>>       Martin.
>>
>
> Yup, I've been aware of it and have been constantly asking the qgis PSC
> to sign up for a free SSL cert from StartSSL. I can sign up for the cert
> and just have it emailed to me but much preferred that the qgis admins
> had the account it was under.
>

Hi Alex

I tried again to go in to startssl to get a cert but the site just
times out all the time for me. Could one of the other PSC members look
into this and provide Alex what is needed?

Regards

Tim

-- 
Tim Sutton - QGIS Project Steering Committee Member (Release  Manager)
==============================================
Visit http://linfiniti.com to find out about:
 * QGIS programming services
 * GeoDjango web development
 * FOSS Consulting Services
Skype: timlinux Irc: timlinux on #qgis at freenode.net
==============================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20130224/6f8fed08/attachment.html>

More information about the Qgis-psc mailing list