[Qgis-developer] secure qgis.org - SSL certificate

[Alex Mandel]

I'm a little confused, both Gary and Tim are well aware of this issue (I
brought it up more than a year ago, and have asked them several times
about it). I've been asking them to get a free cert from StartSSL, once
done I can easily put it in place on the server.

I would have done it myself but I don't have official keys to the
qgis.org domain, someone who has those has to make the cert request.

Thanks,
Alex


On 10/10/2012 05:26 AM, Matthias Kuhn wrote:
> Hi,
> 
> at the HF we started to talk about making qgis.org a little bit more
> secure.
> At the moment, the password that is used to authenticate for the wiki,
> bugtracker etc is transmitted in cleartext. I urge everybody to not use
> the same password than for their onlinebanking at the moment (you
> probably know that you shouldn't anyway and of course have not been
> using the same password on different sites, right?).
> 
> Nevertheless, this needs to be fixed.
> 
> Short summary of options (incomplete):
> 
> cacert
> http://www.cacert.org/
> Open approach to certification, based on community efforts.
> Unfortunately not installed by default on most browsers.
> 
> thawte
> http://www.thawte.com/
> Looks like they offered free certificates to opensource projects some
> years ago. Maybe we could ask them if this offer is still valid.
> 
> comodo
> http://www.comodo.com/
> Pretty cheap offers
> 
> startssl
> https://www.startssl.com/
> Also cheap offers (starting from free)
> 
> Would we need a wildcard certificate? Probably yes, as we want it to be
> valid for hub.qgis.org, wiki.qgis.org etc...
> 
> Here discussion I found for another opensource project which changed its
> provider for ssl certificate:
> http://drupal.org/node/1386548
> 
> In the end they ordered one on http://www.namecheap.com/
> 
> What do you think?
> 
> _______________________________________________
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-developer
>