gforge

To: debian-www@lists.debian.org
Cc: team@security.debian.org
Subject: gforge
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 15 May 2008 14:00:05 +0200
Message-id: <[🔎] 20080515120004.GA22639@inutil.org>

gforge

----- Forwarded message from Roland Mas <lolando@debian.org> -----

The gforge-web-apache2 package in sid and lenny sets up the website
with a dummy certificate if none is found existing.  Users are then
encouraged to replace it with a "real" one.  The dummy certificate in
question is the Snake Oil one, so it should already be known as a weak
one (even without the SSL bug), but I guess at least some users accept
it without a second thought.  It would probably make sense to set up
another certificate on new installs, but I'm not sure whether to
replace old Snake Oil ones.

----- End forwarded message -----

Reply to:

Follow-Ups:
- Re: gforge
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: iceweasel x590 vulnerability info
Next by Date: key rollover for MIT Kerberos
Previous by thread: Bug#481318: [Fwd: [Debian Wiki] Update of "DebianHistory" by anwins]
Next by thread: Re: gforge
Index(es):
- Date
- Thread