-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Paul,
Am 11.02.2014 04:39, schrieb Paul Wise: > The Debian sysadmins got a report of an ISP in the UK doing DNS > hijacks for debian.org, intercepting packages.d.o requests and > blocking access to pages about some packages. As a result the > Debian sysadmins have added SSL to packages.d.o. Unfortunately it > references screenshots.d.n which doesn't have SSL, which means that > people visiting over SSL will get mixed content warnings and not be > able to view Debian screenshots. Are you able to add an SSL > certificate to screenshots.d.n so that the Debian sysadmins can > enable http -> https redirects and HSTS? Alright, I understand the problem. I'm currently in the process of rewriting the web application behind screenshots.debian.net and expect the new version to go beta in mid-2014. But we probably need to act before that. Besides I don't think I'm using absolute URLs or rewrites anywhere so the current application is probably safe. My main concern is CPU power. The system is running on a sponsored virtual server from the ISP Vexxhost in Canada. And at peak times the load is already around 0.5. I can ask whether they have a kind of SSL accelerator at their disposal. Otherwise I could just set up HTTPS at the Apache level and see how serious the CPU usage will go up. Regarding the certificate: does Debian have resources to buy an SSL certificate? I usually use a free StartCom certificate for my own purposes but I am not sure whether it is suitable for such use. I don't think that the sponsor will donate an SSL certificate either but I'm willing to ask. As soon as we clarified that I will enable HTTPS at screenshots.debian.net in no time. Cheers Christoph -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlL55zAACgkQCV53xXnMZYZJrwCglGl0LPu3QtGvJZWKzQjUeRIt QYcAoNIQ9zYDKJ9FS1YIEjTncyErxaJ1 =4Jtt -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
