[Qgis-developer] secure qgis.org - SSL certificate

Tyler Mitchell info at locatepress.com
Wed Oct 10 09:06:36 PDT 2012


Just FYI that OSGeo has used comodo in the past - not sure if there could be a discount option for > 1 domain :)

On 2012-10-10, at 5:26 AM, Matthias Kuhn wrote:

> Hi,
> 
> at the HF we started to talk about making qgis.org a little bit more
> secure.
> At the moment, the password that is used to authenticate for the wiki,
> bugtracker etc is transmitted in cleartext. I urge everybody to not use
> the same password than for their onlinebanking at the moment (you
> probably know that you shouldn't anyway and of course have not been
> using the same password on different sites, right?).
> 
> Nevertheless, this needs to be fixed.
> 
> Short summary of options (incomplete):
> 
> cacert
> http://www.cacert.org/
> Open approach to certification, based on community efforts.
> Unfortunately not installed by default on most browsers.
> 
> thawte
> http://www.thawte.com/
> Looks like they offered free certificates to opensource projects some
> years ago. Maybe we could ask them if this offer is still valid.
> 
> comodo
> http://www.comodo.com/
> Pretty cheap offers
> 
> startssl
> https://www.startssl.com/
> Also cheap offers (starting from free)
> 
> Would we need a wildcard certificate? Probably yes, as we want it to be
> valid for hub.qgis.org, wiki.qgis.org etc...
> 
> Here discussion I found for another opensource project which changed its
> provider for ssl certificate:
> http://drupal.org/node/1386548
> 
> In the end they ordered one on http://www.namecheap.com/
> 
> What do you think?
> 
> _______________________________________________
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-developer


-----
Tyler Mitchell, Publisher
Locate Press, info at locatepress.com
Open Source "geo" Books
http://www.locatepress.com







More information about the Qgis-developer mailing list