I'll volunteer if someone cab give me an overview of how things are set up. I enjoy a little bit of server maintenance from time to time. On 26 August 2015 09:28:42 CEST, Damien Cassou <damien.cassou@inria.fr> wrote:
Hi Sean,
Sean P. DeNigris <sean@clipperadams.com> writes:
We were sitting here looking at some unencrypted network traffic and it hit me - our StHub, SqS, and ss3 credentials are always unencrypted. This is a tremendous security hole. Someone could grab the credentials of a more prominent member of the community who has admin rights to many repos and start uploading arbitrary Zip files with who-knows-what embedded.
SSL certificates are so cheap today. Will ESUG purchase them for our community servers?
I personally have deleted all my private repos, and moved them to BitBucket, which I can access via SSH, but it doesn't solve the problem because of course any open source St project I load will open the flood gates!
thank you for raising the issue.
The ESUG board can pay such a certificate. Nonetheless, the problem is not paying but installing the certificate and maintaining the server. We already have too little time to dedicate to server maintenance.
We are looking for volunteers.
-- Damien Cassou http://damiencassou.seasidehosting.st
"Success is the ability to go from one failure to another without losing enthusiasm." --Winston Churchill
_______________________________________________ Esug-list mailing list Esug-list@lists.esug.org http://lists.esug.org/mailman/listinfo/esug-list_lists.esug.org
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.