[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-users] SSL cert for wrong host

From: Marcus Müller
Subject: Re: [Savannah-users] SSL cert for wrong host
Date: Wed, 09 Aug 2017 07:55:49 +0200
User-agent: K-9 Mail for Android

Hi Bob,

Thank you very much for fixing all this on such short notice! :)

Best regards,

On 9 August 2017 2:13:58 AM GMT+02:00, Bob Proulx <address@hidden> wrote:
>Hi Marcus,
>> > Where did you see documented so that this may
>> > corrected?
>> I got that URL from the gitweb instance [1] that the autoconf
>> page [2] points to.
>Aha!  We look at these pages all of the time and after a while the
>details all blur together.  That should have been fixed last December!
>That was set that way during turn-on of the new server image and
>should never have escaped into production.
>Thank you for letting us know.  I have fixed it now.  I also removed
>the DNS alias too so that it can't be used moving forward.
>> Admittedly, the savannah page itself has a non-TLS variant of the
>> git clone
>Right.  You may use either.  However the https is recommended.  But we
>don't prevent people from using the http or git protocols.  For some
>those are the only ones they can easily get to.
>> but: non-TLS http for source code distribution felt like it shouldn't
>> the recommended way, so I payed no further attention to that
>> URL, and just clicked through to the webgit to figure out a way of
>> cloning that would allow to check authenticity of the remote!
>You may use either.  And of course people should always check gpg
>signatures to verify the validity of downloaded bits regardless of the

Sent from my Android device with K-9 Mail. Please excuse my brevity.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]