gforge
gforge
----- Forwarded message from Roland Mas <lolando@debian.org> -----
The gforge-web-apache2 package in sid and lenny sets up the website
with a dummy certificate if none is found existing. Users are then
encouraged to replace it with a "real" one. The dummy certificate in
question is the Snake Oil one, so it should already be known as a weak
one (even without the SSL bug), but I guess at least some users accept
it without a second thought. It would probably make sense to set up
another certificate on new installs, but I'm not sure whether to
replace old Snake Oil ones.
----- End forwarded message -----
Reply to: