Hi Sean,

Sean P. DeNigris <sean@clipperadams.com> writes:

> We were sitting here looking at some unencrypted network traffic and it hit
> me - our StHub, SqS, and ss3 credentials are always unencrypted. This is a
> tremendous security hole. Someone could grab the credentials of a more
> prominent member of the community who has admin rights to many repos and
> start uploading arbitrary Zip files with who-knows-what embedded.
>
> SSL certificates are so cheap today. Will ESUG purchase them for our
> community servers?
>
> I personally have deleted all my private repos, and moved them to BitBucket,
> which I can access via SSH, but it doesn't solve the problem because of
> course any open source St project I load will open the flood gates!

Thank you for raising the issue.
The ESUG board can pay for such a certificate. Nonetheless, the problem is
not paying but installing the certificate and maintaining the server. We
already have too little time to dedicate to server maintenance.
We are looking for volunteers.