[Qgis-developer] secure qgis.org - SSL certificate

Matthias Kuhn matthias.kuhn at gmx.ch
Wed Oct 10 05:26:20 PDT 2012


Hi,

at the HF we started to talk about making qgis.org a little bit more
secure.
At the moment, the password that is used to authenticate for the wiki,
bugtracker etc is transmitted in cleartext. I urge everybody to not use
the same password than for their onlinebanking at the moment (you
probably know that you shouldn't anyway and of course have not been
using the same password on different sites, right?).

Nevertheless, this needs to be fixed.

Short summary of options (incomplete):

cacert
http://www.cacert.org/
Open approach to certification, based on community efforts.
Unfortunately not installed by default on most browsers.

thawte
http://www.thawte.com/
Looks like they offered free certificates to opensource projects some
years ago. Maybe we could ask them if this offer is still valid.

comodo
http://www.comodo.com/
Pretty cheap offers

startssl
https://www.startssl.com/
Also cheap offers (starting from free)

Would we need a wildcard certificate? Probably yes, as we want it to be
valid for hub.qgis.org, wiki.qgis.org etc...

Here discussion I found for another opensource project which changed its
provider for ssl certificate:
http://drupal.org/node/1386548

In the end they ordered one on http://www.namecheap.com/

What do you think?



More information about the Qgis-developer mailing list