Hi, at the HF we started to talk about making qgis.org a little bit more secure. At the moment, the password that is used to authenticate for the wiki, bugtracker etc is transmitted in cleartext. I urge everybody to not use the same password than for their onlinebanking at the moment (you probably know that you shouldn't anyway and of course have not been using the same password on different sites, right?).
Nevertheless, this needs to be fixed. Short summary of options (incomplete): cacert http://www.cacert.org/ Open approach to certification, based on community efforts. Unfortunately not installed by default on most browsers. thawte http://www.thawte.com/ Looks like they offered free certificates to opensource projects some years ago. Maybe we could ask them if this offer is still valid. comodo http://www.comodo.com/ Pretty cheap offers startssl https://www.startssl.com/ Also cheap offers (starting from free) Would we need a wildcard certificate? Probably yes, as we want it to be valid for hub.qgis.org, wiki.qgis.org etc... Here discussion I found for another opensource project which changed its provider for ssl certificate: http://drupal.org/node/1386548 In the end they ordered one on http://www.namecheap.com/ What do you think? _______________________________________________ Qgis-developer mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/qgis-developer
