You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "William A. Rowe, Jr. (JIRA)" <ji...@apache.org> on 2008/09/25 03:37:44 UTC

[jira] Created: (INFRA-1737) TLS/SSL access to https://www.apache.org/

TLS/SSL access to https://www.apache.org/
-----------------------------------------

                 Key: INFRA-1737
                 URL: https://issues.apache.org/jira/browse/INFRA-1737
             Project: Infrastructure
          Issue Type: Wish
      Security Level: public (Regular issues)
          Components: HTTP Server, Infra Wishlist
            Reporter: William A. Rowe, Jr.


Right now, certain artifacts, especially ../KEYS and ../package.asc or .../package.md5
should be able to trust that they have reached www.apache.org (server authentication)
and are not modified in transit (TLS/SSL crypto).

Which leaves us looking for a https:// portal to /dist/, especially.  Other considerations
include the sponsorship and licensing pages where the reader wants additional assurance
that the information they receive (send $100k US to ...) are authentic.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (INFRA-1737) TLS/SSL access to https://www.apache.org/

Posted by "#asfinfra IRC Bot (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-1737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12795393#action_12795393 ] 

#asfinfra IRC Bot commented on INFRA-1737:
------------------------------------------

<pquerna> done


> TLS/SSL access to https://www.apache.org/
> -----------------------------------------
>
>                 Key: INFRA-1737
>                 URL: https://issues.apache.org/jira/browse/INFRA-1737
>             Project: Infrastructure
>          Issue Type: Wish
>      Security Level: public(Regular issues) 
>          Components: HTTP Server, Infra Wishlist
>            Reporter: William A. Rowe, Jr.
>
> Right now, certain artifacts, especially ../KEYS and ../package.asc or .../package.md5
> should be able to trust that they have reached www.apache.org (server authentication)
> and are not modified in transit (TLS/SSL crypto).
> Which leaves us looking for a https:// portal to /dist/, especially.  Other considerations
> include the sponsorship and licensing pages where the reader wants additional assurance
> that the information they receive (send $100k US to ...) are authentic.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (INFRA-1737) TLS/SSL access to https://www.apache.org/

Posted by "#asfinfra IRC Bot (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/INFRA-1737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

#asfinfra IRC Bot closed INFRA-1737.
------------------------------------

    Resolution: Fixed

> TLS/SSL access to https://www.apache.org/
> -----------------------------------------
>
>                 Key: INFRA-1737
>                 URL: https://issues.apache.org/jira/browse/INFRA-1737
>             Project: Infrastructure
>          Issue Type: Wish
>      Security Level: public(Regular issues) 
>          Components: HTTP Server, Infra Wishlist
>            Reporter: William A. Rowe, Jr.
>
> Right now, certain artifacts, especially ../KEYS and ../package.asc or .../package.md5
> should be able to trust that they have reached www.apache.org (server authentication)
> and are not modified in transit (TLS/SSL crypto).
> Which leaves us looking for a https:// portal to /dist/, especially.  Other considerations
> include the sponsorship and licensing pages where the reader wants additional assurance
> that the information they receive (send $100k US to ...) are authentic.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (INFRA-1737) TLS/SSL access to https://www.apache.org/

Posted by "Paul Querna (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/INFRA-1737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12788515#action_12788515 ] 

Paul Querna commented on INFRA-1737:
------------------------------------

blocking on us getting a *.apache.org certificate.

Roughly $300/year if we went with $cheap-ssl-certs.

potentially might get it donated to us.


> TLS/SSL access to https://www.apache.org/
> -----------------------------------------
>
>                 Key: INFRA-1737
>                 URL: https://issues.apache.org/jira/browse/INFRA-1737
>             Project: Infrastructure
>          Issue Type: Wish
>      Security Level: public(Regular issues) 
>          Components: HTTP Server, Infra Wishlist
>            Reporter: William A. Rowe, Jr.
>
> Right now, certain artifacts, especially ../KEYS and ../package.asc or .../package.md5
> should be able to trust that they have reached www.apache.org (server authentication)
> and are not modified in transit (TLS/SSL crypto).
> Which leaves us looking for a https:// portal to /dist/, especially.  Other considerations
> include the sponsorship and licensing pages where the reader wants additional assurance
> that the information they receive (send $100k US to ...) are authentic.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.