I should mention also that we have a BZ issue tracking this required change. It is categorized as a Release Blocker, so we don't forget it:
https://issues.apache.org/ooo/show_bug.cgi?id=122444 -Rob On Tue, Jun 4, 2013 at 6:05 PM, Rob Weir <robw...@apache.org> wrote: > On Tue, Jun 4, 2013 at 5:59 PM, janI <j...@apache.org> wrote: >> On 4 June 2013 22:36, Andrea Pescetti <pesce...@apache.org> wrote: >> >>> On 03/06/2013 Rob Weir wrote: >>> >>>> I think the concern is this: >>>> 1) We want SSL for >>>> 4.0.http://update.openoffice.**org<http://update.openoffice.org> is not >>>> HTTPS. >>>> >>>> 2) The URL >>>> https://ooo-site.openoffice.**apache.org<https://ooo-site.openoffice.apache.org> >>>> supports SSL, but is >>>> not considered "long term stable". The URL is an artifact of the CMS >>>> 3) We're looking for a stable URL. One could be >>>> https://updates.openoffice.org**, but that requires an SSL cert for >>>> *.openoffice.org. But will that be supported in time for the AOO 4.0 >>>> release? >>>> 4) Backup plan is updates.openoffice.apache.org, which could be >>>> supported via SSL today, using the *.apache.org cert. If we do that >>>> we'd want to map that to its own CMS dir in SVN. so it can be updated >>>> and published via the CMS. >>>> >>> >>> This is mostly correct, except the fact (in #2 and #4) that the current >>> certificates only support x.apache.org and not x.y.apache.org: so >>> https://ooo-site.apache.org is what is in the sources right now (well, >>> the last time I checked) and >>> https://openoffice-updates.**apache.org<https://openoffice-updates.apache.org>(or >>> something like that) should be used for the backup plan in #4. >>> >> >> Hi >> >> I am confused, it seem we nearly all agree on >> https://updates.openoffice.orgbut not on the directory. >> >> The order for the cert is being processed, when the cert arrives it needs >> to be implemented on erebus-sll (our https: proxy), and we (infra) need to >> do some updates on the aoo servers. >> >> In order to do this work, I need: >> >> 1) which url (e.g. https://updates.openoffice.org) >> 2) should relate to which directory in svn. >> >> The last mails contains different proposal ranging from dont do it for 4.0 >> to different dirs, that is something I cannot implement. >> >> We can also decide to forget it for https:updates.*, but I need a single >> decision to be able to implement it. >> > > Is the cert already here? Or do we have a few weeks to decide? I'd > say, don't let this decision get in the way of deploying the cert and > enabling it for the website, wikis, forums, etc. The update site > doesn't need to be enabled until shortly before AOO 4.0 is released. > > And depending on when the cert arrives, we might not use it at all for > 4.0 updates. If it comes too late we'll just use an apache.org > address. So we're really waiting for Infra on this, not the other > way around. We need an estimate for when the cert will be purchased > so we can decide whether or not it will be used for 4.0 updates. > > -Rob > > >> rgds >> jan I. >> >>> >>> Regards, >>> Andrea. >>> >>> >>> ------------------------------**------------------------------**--------- >>> To unsubscribe, e-mail: >>> dev-unsubscribe@openoffice.**apache.org<dev-unsubscr...@openoffice.apache.org> >>> For additional commands, e-mail: dev-h...@openoffice.apache.org >>> >>> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
