Alan Coopersmith
2011-Jan-13 21:01 UTC
[fdo] bugs.freedesktop.org SSL certificate (was: HTML colouring in xedit)
On 01/13/11 04:29 AM, Krzysztof ?elechowski wrote:> Dnia ?roda, 12 stycznia 2011 o 09:26:30 Alan Coopersmith napisa?(a): > >> On 01/11/11 11:19 AM, Krzysztof ?elechowski wrote: >>> The manual page for *xedit* does not say how to switch syntax colouring off and the display for *HTML* is awful. The font used for /code/ is smaller than the font used for /text/ , to the point of being unreadable, and using a variable-spaced font does not help either. A partial workaround is to switch the editor to *SGML* mode. >>> >>> Please fix, >> >> The previous maintainer for xedit is no longer involved in X.Org, >> and we were not aware anyone other than him actually used xedit. >> >> Please find a new editor or help find a new maintainer if you want >> to see it fixed. >> >> > > The problem with being a maintainer for anything related to the Free Desktop is the invalid security certificate for Bugzilla. > <URL: http://lists.freedesktop.org/archives/xdg/2010-December/011735.html >Seems like that's mainly a problem with you. Hundreds of other people manage to successfully get work done with that limitation. In any case, that problem has to be solved by the freedesktop folks (cc'ed) - as just one of their hosted projects, we can't control it (though the X.Org Foundation has an open offer to pay the cost of a certificate if the freedesktop admins will obtain and install it, since the Firefox warning is scary and confusing to inexperienced users, and is an obstacle to them filing bug reports). Alternative solutions include: - ignoring bugzilla, the only thing that uses SSL. Most of the work of a maintainer involves ssh connections (git over ssh or posting new releases via scp to the download site). - using the e-mail interfaces to bugzilla when possible. - not worrying about bugzilla not being certified, since the only data being secured is your bugzilla password, which can be completely unique to that site so doesn't risk anything else. For most users, there is no private data in bugzilla beyond your password. (A few of us have access to the non-public security bugs before coordinated public disclosure, but you won't be one of those folks as a new maintainer.) - offering to help the freedesktop admins solve the problem instead of constantly harping on them about it. As noted above, money for a certificate is not an issue - it's the work involved that needs to be handled. -- -Alan Coopersmith- alan.coopersmith at oracle.com Oracle Solaris Platform Engineering: X Window System
On 01/14/11 09:45 AM, Krzysztof ?elechowski wrote:>> - using the e-mail interfaces to bugzilla when possible. > > Like xorg-bugzilla-noise? The noise stopped in 2005.There was some unhappiness about list name, so it was changed to xorg-team: http://lists.x.org/mailman/listinfo/xorg-team I can attest to getting mail from it every day. -- -Alan Coopersmith- alan.coopersmith at oracle.com Oracle Solaris Platform Engineering: X Window System
Krzysztof Żelechowski
2011-Jan-14 17:49 UTC
[fdo] bugs.freedesktop.org SSL certificate (was: HTML colouring in xedit)
Dnia czwartek, 13 stycznia 2011 o 22:01:37 Alan Coopersmith napisa?(a):> On 01/13/11 04:29 AM, Krzysztof ?elechowski wrote: > > The problem with being a maintainer for anything related to the Free Desktop is the invalid security certificate for Bugzilla. > > <URL: http://lists.freedesktop.org/archives/xdg/2010-December/011735.html > > > Seems like that's mainly a problem with you. Hundreds of other people > manage to successfully get work done with that limitation. In any case, > that problem has to be solved by the freedesktop folks (cc'ed) - as just > one of their hosted projects, we can't control it (though the X.Org > Foundation has an open offer to pay the cost of a certificate if the > freedesktop admins will obtain and install it, since the Firefox warning > is scary and confusing to inexperienced users, and is an obstacle to > them filing bug reports).I hope I am the only one who bothered to use other communication channels to signal the problem, not the only one who can see the problem. Note that there is no need to pay because a basic certificate is available for free.> > Alternative solutions include: > > - ignoring bugzilla, the only thing that uses SSL. Most of the work of > a maintainer involves ssh connections (git over ssh or posting new > releases via scp to the download site).Confused. The maintainer has to maintain to bug reports, doesn?t she?> > - using the e-mail interfaces to bugzilla when possible.Like xorg-bugzilla-noise? The noise stopped in 2005.> > - not worrying about bugzilla not being certified, since the only data > being secured is your bugzilla password, which can be completely unique > to that site so doesn't risk anything else. For most users, there is > no private data in bugzilla beyond your password. (A few of us have > access to the non-public security bugs before coordinated public > disclosure, but you won't be one of those folks as a new maintainer.)I would consider making an exception if the problem were hard to solve. I still hope it will be solved soon for the benefit of all FreeDesktop users. My goodness, it is not a corner case niche project used by several hobbyists, it is the core of contemporary free desktop environments!> > - offering to help the freedesktop admins solve the problem instead of > constantly harping on them about it. As noted above, money for a > certificate is not an issue - it's the work involved that needs to > be handled.I am willing to help but that is unfortunately not possible. Getting a security certificate requires entering a legal agreement with the CA. Even webmasters cannot do it on their own (unless authorized, of course). Best regards, Chris
Dnia pi?tek, 14 stycznia 2011 o 18:46:04 Alan Coopersmith napisa?(a):> On 01/14/11 09:45 AM, Krzysztof ?elechowski wrote: > >> - using the e-mail interfaces to bugzilla when possible. > > > > Like xorg-bugzilla-noise? The noise stopped in 2005. > > There was some unhappiness about list name, so it was changed to xorg-team: > http://lists.x.org/mailman/listinfo/xorg-team > > I can attest to getting mail from it every day. >That would probably be too often for me, especially because I do not expect many bugs concerning xedit. Thanks, Chris