Daniel Shahaf wrote on Wed, 20 Jan 2021 15:56 +00:00: > I see you used CN=svn-haxx.apache.org on the certificate. > > Please run this by Infra. It's conceivable that having a *.apache.org > site that _doesn't_ use the wildcard cert might impact the wildcard's > reputation in some way (e.g., break certificate pinning rules in > plugins such as HTTPS Everywhere).
Also, I kinda wonder what trademarks@ would think about the current setup, since there's this old policy: https://blogs.apache.org/foundation/entry/if_it_s_not_at "If it's not at apache.org, it's not from the Apache Software Foundation!" (2009) In particular, I wonder whether they'd prefer that svn.haxx.se redirect (as in, HTTP 301 responses) to some *.apache.org name. Thanks for making this happen! These are good problems to have :-) Daniel
