[Esug-list] Repository (In)Security

Steven R. Baker steven at stevenrbaker.com
Wed Aug 26 05:19:33 EDT 2015


I'll volunteer if someone cab give me an overview of how things are set up. I enjoy a little bit of server maintenance from time to time. 

On 26 August 2015 09:28:42 CEST, Damien Cassou <damien.cassou at inria.fr> wrote:
>
>Hi Sean,
>
>Sean P. DeNigris <sean at clipperadams.com> writes:
>
>> We were sitting here looking at some unencrypted network traffic and
>it hit
>> me - our StHub, SqS, and ss3 credentials are always unencrypted. This
>is a
>> tremendous security hole. Someone could grab the credentials of a
>more
>> prominent member of the community who has admin rights to many repos
>and
>> start uploading arbitrary Zip files with who-knows-what embedded.
>>
>> SSL certificates are so cheap today. Will ESUG purchase them for our
>> community servers?
>>
>> I personally have deleted all my private repos, and moved them to
>BitBucket,
>> which I can access via SSH, but it doesn't solve the problem because
>of
>> course any open source St project I load will open the flood gates!
>
>thank you for raising the issue.
>
>The ESUG board can pay such a certificate. Nonetheless, the problem is
>not paying but installing the certificate and maintaining the server.
>We
>already have too little time to dedicate to server maintenance.
>
>We are looking for volunteers.
>
>-- 
>Damien Cassou
>http://damiencassou.seasidehosting.st
>
>"Success is the ability to go from one failure to another without
>losing enthusiasm." --Winston Churchill
>
>_______________________________________________
>Esug-list mailing list
>Esug-list at lists.esug.org
>http://lists.esug.org/mailman/listinfo/esug-list_lists.esug.org

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.esug.org/pipermail/esug-list_lists.esug.org/attachments/20150826/eef494bf/attachment-0002.html>


More information about the Esug-list mailing list