From: "J.H." <warthog9@kernel.org>
To: users@kernel.org, linux-kernel <linux-kernel@vger.kernel.org>
Subject: [KORG] Availability of SSL on kernel.org
Date: Thu, 18 Mar 2010 18:13:27 -0700 [thread overview]
Message-ID: <4BA2CFB7.7070108@kernel.org> (raw)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Afternoon Everyone,
I would like to go ahead and announce the general availability of SSL
support for a number of the services on kernel.org! This should help
provide an additional level of security, in particular for our dynamic
content like the wiki's, patchwork and bugzilla.
The certificates have been very graciously donated and signed by Thawte,
and we at kernel.org greatly appreciate their support of Open Source!
These signed certificates make it trivial for our users to make use of
this additional layer of security, and alleviates a large amount of
support effort that self-signed certificates would have incurred.
"Thawte is proud of its open source lineage. Providing free
certificates to community projects is just a small way of not
only supporting the community but returning the favor. Please
spread the word."
Services that are now by default using SSL:
* Bugzilla
* Wikis
* Account Requests
* Patchwork
These are using an HTTP redirect so you should need to do anything
for these to just work.
Services that have can optionally use SSL:
* www.kernel.org
* boot.kernel.org
* git.kernel.org
* android.git.kernel.org
Just use https vs. http, there is no automatic redirection for these
Services that DO NOT offer SSL:
* mirrors.kernel.org
These machines move a large amount of data to a large number of
users and it would be difficult, and memory intensive, to provide
SSL for this service. I don't foresee enabling SSL for
mirrors.kernel.org.
* *.[us | [nl.|se.]eu | geo | all].kernel.org dns entries
These would require too many distinct certificates to adequately
cover, and are generally not user facing. These still have
the SSL certificates available to them, but the address will not
match the CN in the certificate.
As always if you encounter problems, e-mail ftpadmin or catch us on IRC.
I've done a fair amount of testing of this on my own - but due to the
large number of possible clients it's impossible for me to have tested
this from every possible angle.
- - John 'Warthog9' Hawley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkuiz7cACgkQ/E3kyWU9dicIAwCfQlTlSDEMn1GP++Cy7IFV9Oqi
MP4Aniu0hVPdXMopnAG/W/PtWd0aEDus
=pg6c
-----END PGP SIGNATURE-----
next reply other threads:[~2010-03-19 1:13 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-19 1:13 J.H. [this message]
2010-03-19 3:58 ` [kernel.org users] [KORG] Availability of SSL on kernel.org Paul Mundt
2010-03-19 6:05 ` Jeremy Kerr
2010-03-19 8:00 ` Jeremy Kerr
2010-03-19 11:38 ` Mauro Carvalho Chehab
2010-03-19 18:45 ` J.H.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BA2CFB7.7070108@kernel.org \
--to=warthog9@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=users@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.