[JIRA] (OVIRT-2140) enforce SSL on resources.ovirt.org

Duck Wed, 28 Aug 2019 22:29:35 -0700

    [ 
https://ovirt-jira.atlassian.net/browse/OVIRT-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=39713#comment-39713
 ]


Marc Dequènes (Duck) commented on OVIRT-2140:
---------------------------------------------

[~accountid:557058:caa507e4-2696-4f45-8da5-d2585a4bb794] signed packages on 
HTTP are not safe because old releases are also valid thus it’s possible to do 
replay attacks by providing older and security buggy packages. it’s better but 
not sufficient.



> enforce SSL on resources.ovirt.org
> ----------------------------------
>
>                 Key: OVIRT-2140
>                 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2140
>             Project: oVirt - virtualization made easy
>          Issue Type: Improvement
>            Reporter: Evgheni Dereveanchin
>            Assignee: infra
>
> SSL was enabled on Resources with OVIRT-1472, this ticket is to transform the 
> non-SSL virtual hosts into redirects to the SSL version



--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100108)
_______________________________________________
Infra mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/[email protected]/message/CILZMIU42TWQ3EZ252U7FB6M2MZ7O3EB/

[JIRA] (OVIRT-2140) enforce SSL on resources.ovirt.org

Reply via email to