Created on 2017-04-29 17:19 by paulschreiber, last changed 2017-07-31 07:53 by ber.
|msg5969||Author: [hidden] (paulschreiber)||Date: 2017-04-29 17:19|
issues.roundup-tracker.org does not support HTTPS. All sites — especially sites providing logins — should support HTTPS and enforce it with HSTS.
|msg5973||Author: [hidden] (ber)||Date: 2017-05-09 14:18|
I agree that it would be nice to have HTTPS support for issues.roundup-tracker.org and http://www.roundup-tracker.org/, wiki.roundup-tracker.org. So thanks for reminding us. With https://en.wikipedia.org/wiki/Let%27s_Encrypt it should be fairly easy to get https started. As for HSTS, I have a tendency to consider it less useful; the reason is that it may make access harder to the information on the side and a lot of info is valuable without TLS as well.
|msg5974||Author: [hidden] (paulschreiber)||Date: 2017-05-09 16:12|
What do you mean by "may make access harder to the information on the side"? All web browsers support HTTPS.
|msg5995||Author: [hidden] (rouilj)||Date: 2017-07-29 01:11|
Bernhard, have you talked to the python.org folks (IIRC) about getting this under https? At the very least encrypting logins would be good. We just had a spam login from a user whose password was changed by an admin back in 2009. So I am not sure how the spam was posted (maybe email), but securing the tracker needs to be done.
|msg5997||Author: [hidden] (ber)||Date: 2017-07-31 07:53|
@paulschreiber: Worldwide, a number of users cannot use HTTPS easily. Two major reasons:
a) older browsers (on old tablets, phones or computers with operating systems with no updates available, for a number of reasons).
b) surveillance or censorship breaks or blocks HTTPS.

@rouilj: Here is my last status (which did not make it to the list, though it should have), I haven't checked further. The OS update should have solved the problems the Python folks had with their Let's Encrypt client, I guess.

---------- Forwarded message ----------
Subject: Re: [Infrastructure] [Roundup-devel] https://issues.roundup-tracker.org/ is python bug tracker??
Date: Friday 12 May 2017, 18:55:38
From: Mark Mangoba <email@example.com>
To: "R. David Murray" <firstname.lastname@example.org>
Cc: Bernhard Reiter <email@example.com>, firstname.lastname@example.org, "email@example.com infrastructure" <firstname.lastname@example.org>

I am planning to schedule an upgrade of bugs.python.org from Debian 6 to 7 next week, this should ultimately fix the issue as well as keep bugs healthy. At the moment, I am working with the hosting provider if it's possible to create a snapshot of the VM so we can simulate and test the upgrade. I should provide an update later next week on status and schedule.

Best regards,
Mark
|2017-07-31 07:53:52||ber||set||messages: + msg5997|