SSL in Debian Forums

Have something to say about forums.debian.net itself?

SSL in Debian Forums

Postby jesus92gz » 2015-05-28 09:28

Hello.

Website: forum
Severity: wishlist

I have noticed that while other websites in Debian are SSL secured, the forum is not.

Is there any possibility to secure the forum with SSL?
Last edited by jesus92gz on 2015-05-29 07:28, edited 1 time in total.
jesus92gz
 
Posts: 121
Joined: 2015-02-06 18:07

Re: SSL in Forums

Postby levlaz » 2015-05-28 13:32

I didn't even realize that this was the case.

+1 for SSL
Best,

Lev
Blog
User avatar
levlaz
 
Posts: 179
Joined: 2012-09-27 12:06
Location: San Francisco, CA

Re: SSL in Debian Forums

Postby Sarge-in-charge » 2015-05-29 19:37

jesus92gz wrote:Is there any possibility to secure the forum with SSL?

I vote NO if it's going to be with a self-signed certificate or with a certificate chained up to a CA not by default in Firefox.

Otherwise, I vote YES.
User avatar
Sarge-in-charge
 
Posts: 113
Joined: 2012-07-21 08:41

Re: SSL in Debian Forums

Postby Head_on_a_Stick » 2015-05-29 19:50

Why does this matter?
"Are you quite sure that all those bells and whistles, all those wonderful facilities of your so called powerful programming languages, belong to the solution set rather than the problem set?" — Edsger W. Dijkstra
User avatar
Head_on_a_Stick
 
Posts: 6606
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: SSL in Debian Forums

Postby wizard10000 » 2015-05-29 22:00

Because browsers raise a flag if the certificate comes from an untrusted CA.
we see things not as they are, but as we are.
-- anais nin
User avatar
wizard10000
 
Posts: 1196
Joined: 2011-05-09 20:02
Location: everywhere i go, there i am!

Re: SSL in Debian Forums

Postby Head_on_a_Stick » 2015-05-29 22:02

Sorry, I meant: why does it matter if the forums use SSL?
"Are you quite sure that all those bells and whistles, all those wonderful facilities of your so called powerful programming languages, belong to the solution set rather than the problem set?" — Edsger W. Dijkstra
User avatar
Head_on_a_Stick
 
Posts: 6606
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: SSL in Debian Forums

Postby wizard10000 » 2015-05-29 22:04

Head_on_a_Stick wrote:Sorry, I meant: why does it matter if the forums use SSL?


Oops :)

Only reason I can think of is sending passwords in plain text.
we see things not as they are, but as we are.
-- anais nin
User avatar
wizard10000
 
Posts: 1196
Joined: 2011-05-09 20:02
Location: everywhere i go, there i am!

Re: SSL in Debian Forums

Postby roseway » 2015-05-30 06:18

Anyone who uses the same password on a public forum as they use for something confidential is asking for trouble anyway. SSL is pointless on a forum like this.
Eric
User avatar
roseway
 
Posts: 1476
Joined: 2007-12-31 22:50
Location: Kent, UK

Re: SSL in Debian Forums

Postby Sarge-in-charge » 2015-05-30 11:32

roseway wrote:SSL is pointless on a forum like this.

This is so wrong on many levels.

No HTTP traffic should be sent on the clear. Period. That's just the way it is in the post-Snowden era.
User avatar
Sarge-in-charge
 
Posts: 113
Joined: 2012-07-21 08:41

Re: SSL in Debian Forums

Postby levlaz » 2015-06-01 16:05

Once this is live we should just use it. It costs nothing and works in any browser.

https://letsencrypt.org/
Best,

Lev
Blog
User avatar
levlaz
 
Posts: 179
Joined: 2012-09-27 12:06
Location: San Francisco, CA

Re: SSL in Debian Forums

Postby levlaz » 2015-06-03 15:39

Honestly after thinking about this some more I think there is no excuse to not have a valid SSL certificate. I will buy (and if needed configure) the SSL cert for this site, does anyone know who we need to talk to in order to make this happen?
Best,

Lev
Blog
User avatar
levlaz
 
Posts: 179
Joined: 2012-09-27 12:06
Location: San Francisco, CA

Re: SSL in Debian Forums

Postby jesus92gz » 2015-06-08 13:15

Head_on_a_Stick wrote:Why does this matter?


Apart from the previous users' replies, I can see the Debian site is using SSL everywhere.
For example:
Official Site: https://debian.org/
Wiki: https://wiki.debian.org/
...

Why should the forum not use SSL as well?
jesus92gz
 
Posts: 121
Joined: 2015-02-06 18:07

Re: SSL in Debian Forums

Postby wizard10000 » 2015-06-08 15:10

jesus92gz wrote:Apart from the previous users' replies, I can see the Debian site is using SSL everywhere.
For example:
Official Site: https://debian.org/
Wiki: https://wiki.debian.org/
...

Why should the forum not use SSL as well?


Not saying we shouldn't use SSL but Debian doesn't have an official support forum. Debian official resources are all located at *.debian.org - although a very useful resource, forums.debian.net isn't an official Debian resource.
we see things not as they are, but as we are.
-- anais nin
User avatar
wizard10000
 
Posts: 1196
Joined: 2011-05-09 20:02
Location: everywhere i go, there i am!

Re: SSL in Debian Forums

Postby jesus92gz » 2015-06-08 15:23

wizard10000 wrote:forums.debian.net isn't an official Debian resource.


Really? I thought it was.
Anyways, I think supporting SSL could improve the security of the forums to the end users. Just in case.
jesus92gz
 
Posts: 121
Joined: 2015-02-06 18:07

Re: SSL in Debian Forums

Postby kolker » 2015-06-09 03:46

it not a end of the world thing but imo it should be a default on all sites. this is not because some thing sensative is happening per se or anything its just a good policy for all comunications.
User avatar
kolker
 
Posts: 81
Joined: 2013-08-22 07:16

Next

Return to Forum stuff & feedback

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable