On 27 October 2013 13:34, Rob Weir <robw...@apache.org> wrote:
> On Sun, Oct 27, 2013 at 4:05 AM, janI <j...@apache.org> wrote:
> > On 27 October 2013 02:58, Ariel Constenla-Haile <arie...@apache.org>
> wrote:
> >
> >> On Sat, Oct 26, 2013 at 09:30:06PM -0400, Rob Weir wrote:
> >> > On Sat, Oct 26, 2013 at 5:05 PM, Ariel Constenla-Haile
> >> > <arie...@apache.org> wrote:
> >> > > On Sat, Oct 26, 2013 at 10:54:59PM +0200, janI wrote:
> >> > >> Hi.
> >> > >>
> >> > >> www.openoffice.org now accept both http: and https: as announced
> >> > >> earlier.
> >> > >>
> >> > >> We have however seen that e.g. product.css contain image tag with
> >> > >> http://xxx. All references must be relative (without http: and
> >> > >> https:). I hope the web admins can do make the needed changes.
> >> > >
> >> > > There are 26,349 matches of "http://www.openoffice.org/"; in
> >> > > ooo-site.
> >> > >
> >> >
> >> > We *are not* going to change to a system that requires that links to
> >> > www.openoffice.org are all https. I hope that is not what is being
> >> > suggested. Remember, we have 10's of thousands of *external* links to
> >> > our website that we do control and cannot change.
> >> >
> >> > Please someone, tell me that this is not what is being suggested here.
> >>
> >
> > No its not, as I wrote in the part you quote, www.openoffice.org will
> > continue to have https: but also https: as pr request from the project.
> >
> > But if I might remind you sent a mail to infra, asking why https: was not
> > implemented for www.openoffice.org, which I and pctony responded to.
> >
> > And if you look at INFRA-6608, you will see a comment from andrea 3
> August:
> > "And we will want to use it, even though there is no authentication
> there,
> > for
> > http(s)://www.openoffice.org
> > (this is mainly because we receive a steady, even if low, amount of
> > complaints from users who cannot browse our main site on HTTPS). "
> >
> >
> > We infra have done exactly as the project asked us to do according to
> > INFRA-6608, and that is not correct ??
> >
>
> There is nothing wrong, IMHO, with supporting https for
> www.openoffice.org. There is nothing wrong, IMHO, with *not*
> supporting https for www.openoffice.org as well. The problem has been
> the confusion caused to users when they get an error about an invalid
> certificate when using https with www.openoffice, due to the
> apache.org certificate previously associated with it. The mismatch
> was the issue. But it should be sufficient to support https on
> request for the www subdomain. We don't have any security reason to
> have it be the default for the static website, or at least none that I
> know of.
>
> So that is the question: support https versus automatically
> redirecting http to https.
>
May I politely correct, NO one has talked about redirection of
www.openoffice.org.
If you read my (and earlier) mails, I have written
support http: and https:
You are able to view www.openoffice.org as:
http://www.openoffice.org
or
https://www.openoffice.org
that is the users choice.
Redirection is only mentioned for wiki.o.o and forum.o.o, where it is
needed for security reasons.
You are able to call http://wiki.openoffice.org, but will be redirected to
https://wiki.openoffice.org and all further communication will be https:
> My concern, as stated, was regarding the stability of external URLs
> using http and whether they would continue to resolve. I wanted to
> have some discussion before we started to make bulk edit changes to
> thousands of web and wiki pages. I don't think this request was
> unreasonable.
>
The request is not at all unreasonable, but 2 things:
- I read about 10 mails with numbers and "will not do", before infra was
given a thank for spending a saturday solving a AOO problem.
- The bulk edit changes should have discussed and made a while ago, when or
before the ticket was issued, and at least before AOO send mails to infra
asking why it isnt implemented. It is a bit late (but not causing real
problems) to do it afterward.
This lack of work is the reason, I try so hard to get https://wiki tested,
because I know we have exact the same problem, with the difference
http://wiki will not be available.
I have spent my morning seeing how the bulk changes can be done, and it can
be done automatic:
- for www, do "svn co", and use e.g. sed to edit all pages with a regex.
Templates is something I dont know, so that might change the work a bit.
- for wiki, any vm-admin can open mysql, and do a update statement on the
text tables.
- for forum any vm-admin can open mysql, and do update statement on the
text tables, there might be a config issue with the avatars.
Infra secures that www/wiki/forum works technically and e.g. wiki
configuration was changed to allow https: forum configuration is prepared.
Infra does not and cannot modify the content of the services.
>
> > I actually never understood why https: was wanted on www.openoffice.org,
> > but it was not a problem to do it, so it was done.
> >
>
> Hopefully what I wrote above clarifies.
>
> > today is a day where I am less proud of being AOO-PMC. We (AOO) have
> been
> > after infra to get a certificate and get it implemented. Yesterday mark
> > took a big chunk of time and with some help from me, got it implemented.
> I
> > think infra should have a "thank you", instead !
> >
> >
> > I have of course a double heart in this situation, but I am sure this is
> > not a good way, to work together.
> >
>
> Jan, you don't live in a question-free zone. No one's actions in this
> project are immune from other project members expressing opinions or
> asking questions. Understanding that and accepting that is a good way
> to work together.
>
I have no problem with questions, that is a good way of learning more. I
hope I have explained that part above.
But asking infra why https: is not implemented, without having our own
ground work done, is asking for trouble.
> And thanks for your efforts. They are, as always, greatly appreciated.
>
no problem, I am just trying to implement infra-6608. I hope the wiki/forum
moves can be done without these unpleasant waves afterward !
Please understand why this is a big issue for me, this is in no way
personal but infra like all other projects consist of volunteers, and if
you as volunteer have 10 tasks to do, and 1 is from someone that often
react negative, I bet nearly everybody would do the 9 tasks first, hope for
9 other nice tasks before having to do the 1. In other words its human that
negative tasks get low priority, and I dont want AOO to be in that position.
FYI, It happened now was because I spoke with mark about some code-signing
cert issues, and we found a way to share the work. Had I foreseen the waves
I would honestly have done 9 other tasks.
rgds
jan I.
> -Rob
>
> > rgds
> > jan I.
> >
> >
> >
> >>
> >> were you have href="http://www.openoffice.org/some_resource";, it should
> >> be href="/some_resource" (nothing crazy, but a good practice).
> >>
> >> Grepping href=["']http://www.openoffice.org/ gives 25,026 matches.
> >>
> >>
> >> Regards
> >> --
> >> Ariel Constenla-Haile
> >> La Plata, Argentina
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
>
>
