Custom Query (196 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (145 - 147 of 196)

Ticket Resolution Summary Owner Reporter
#400 fixed SHA-1 certificates from mitcert since 2013 will be degraded by Chrome andersk
Description

davidben points out that Chrome will be degrading SHA-1 certificates valid past 2016-01-01:

The following changes to Chromium's handling of SHA-1 are proposed:

  • All SHA-1-using certificates that are valid AFTER 2017/1/1 are treated insecure, but without an interstitial. That is, they will receive a degraded UI indicator, but users will NOT be directed to click through an error page.
  • Additionally, the mixed content blocker will be taught to treat these as mixed content, which WILL require a user action to interact with.
  • All SHA-1-using certificates that are valid AFTER 2016/1/1 are treated as insecure, but without an interstitial. They will receive a degraded UI indicator, but will NOT be treated as mixed content.

This seems to include all certificates that mitcert/InCommon has issued (and continues to issue!) since 2013-01-01, since they have a three year expiration date.

So we’re going to need to replace all these certificates soon. This might also be a good excuse to move to a 2048-bit private key (because a 4096-bit certificate signed by 2048-bit CAs provides no security benefit and is noticeably slower).

#16 invalid auto-installers need better error handling andersk
Description

(Imported from help.mit.edu #419862.)

geofft:

It appears to me that you left the Title field blank in the setup process. (This is the last question, after it finishes uncompressing the installation.) This confused the auto-installer, leaving it in a half-installed state. (The "You have to set the wiki up first!" page should not show up if the auto-installers complete.)

#19 wontfix Subversion autoinstaller broder
Description

"For a while I've had this idea of turning Apache into a FastCGI server, that gets invoked by going to some URL on a parent Apache. This would allow users to run Apache under their own UID with an arbitrary configuration, without putting it on a separate port and worrying about how to make it persistent over server restarts. For example, they could enable mod_dav_svn and host a Subversion repo that way. It would be the ultimate manifestation of the scripts philosophy that you should be able to install and configure whatever the hell you want."

(Taken from RT 457498)

Note: See TracQuery for help on using queries.