FS#6429 - secure login on bugs.archlinux.org doesn't work

Attached to Project: Arch Linux
Opened by Henrik Holst (holst) - Friday, 16 February 2007, 09:11 GMT
Last edited by eliott (cactus) - Tuesday, 04 September 2007, 06:46 GMT
Task Type Bug Report
Category Web Sites
Status Closed
Assigned To Judd Vinet (judd)
eliott (cactus)
Architecture All
Severity Low
Priority Normal
Reported Version 0.7.2 Gimmick
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

bugs.archlinux.org does not allow secure login via https://bugs.{jadajada...}. A vhost problem?

Possible solutions:

1. don't use vhosts if you don't have enough IP:s to go around.
2. if there is enough IP numbers to go around for every vhost- use them! create a unique certificate for each vhost.
3. use a *.archlinux.org certificate for all vhosts and just enable vhosts on https as well (I know it can be done so don't try "it does not work" card)
4. use only a bugs.archlinux.org certificate and let the other *.archlinux.org vhost users complain? :D

/holst
This task depends upon

Closed by  eliott (cactus)
Tuesday, 04 September 2007, 06:46 GMT
Reason for closing:  Deferred
Additional comments about closing:  May implement later.
Defferring for now.
Comment by eliott (cactus) - Tuesday, 04 September 2007, 06:45 GMT
> 1. don't use vhosts if you don't have enough IP:s to go around.

That is ridiculous. Namebased virtual hosts work fine.
Not every site needs ssl layer security.

> 2. if there is enough IP numbers to go around for every vhost- use them! create a unique certificate for each vhost.

Certificates cost money. If you are interested in donating directly to the purchase of an ssl certificate, I suggest you send an email to Judd. You can find his contact information on the developer list. http://archlinux.org/developers/#judd

> 3. use a *.archlinux.org certificate for all vhosts and just enable vhosts on https as well (I know it can be done so don't try "it does not work" card)

Multihost ssl certs are generally more expensive.

> 4. use only a bugs.archlinux.org certificate and let the other *.archlinux.org vhost users complain?

Instead we chose to use ssl on the developer login and backend infrastructure systems. Those entry vectors are far more critical than the bugtracker.

Loading...