[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Popcon-developers] Bug#865718: Bug#865718: popularity-contest: update links to https where possible

On Sat, 2017-07-22 at 13:59 +0200, Bill Allombert wrote:

> By the way, do you know how to setup popcon.debian.org so that
> https://popcon.debian.org?work ?

Make sure that the popcon clients can submit via https and find out any
incompatibility issues with existing versions in the wild.

If there isn't one already, add some way of setting which certificates
directory popcon uses, since  debian.org hosts are now submitting to
popcon and also debian.org hosts do not trust any CAs by default, just
the end service certs and most software in Debian cannot verify end
service certs directly any more so we have to pass the right directory
to https software.

https://wiki.debian.org/ServicesSSL

Add another line in the LE config:

https://anonscm.debian.org/cgit/mirror/letsencrypt-domains.git/tree/domains

Adjust the apache2 configuration to move most of the config to a macro
add a https vhost that uses the ssl macros. I assume for compatibility
you probably don't want to redirect http to https though?

/etc/apache2/conf-available/puppet-ssl-macros.conf

I think there might be some other things around public key pinning, so
it might be best for you to submit a ticket for this so that all the
necessary things get done.

https://wiki.debian.org/rt.debian.org

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/popcon-developers/attachments/20170722/fd96a030/attachment.sig>
Reply to: