[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-users] SSL cert for wrong host

From: Bob Proulx
Subject: Re: [Savannah-users] SSL cert for wrong host
Date: Tue, 8 Aug 2017 18:13:58 -0600
User-agent: NeoMutt/20170609 (1.8.3)

Hi Marcus,

> > Where did you see documented so that this may be
> > corrected?
> I got that URL from the gitweb instance [1] that the autoconf savannah
> page [2] points to.


Aha!  We look at these pages all of the time and after a while the
details all blur together.  That should have been fixed last December!
That was set that way during turn-on of the new server image and
should never have escaped into production.

Thank you for letting us know.  I have fixed it now.  I also removed
the DNS alias too so that it can't be used moving forward.

> Admittedly, the savannah page itself has a non-TLS variant of the URL:
> git clone

Right.  You may use either.  However the https is recommended.  But we
don't prevent people from using the http or git protocols.  For some
those are the only ones they can easily get to.

> but: non-TLS http for source code distribution felt like it shouldn't be
> the recommended way, so I payed no further attention to that http://...
> URL, and just clicked through to the webgit to figure out a way of
> cloning that would allow to check authenticity of the remote!

You may use either.  And of course people should always check gpg
signatures to verify the validity of downloaded bits regardless of the


reply via email to

[Prev in Thread] Current Thread [Next in Thread]