planet via https (was Re: redmine main page)

[Harald Welte]

Dear all,

On Mon, Jan 09, 2017 at 09:50:52PM +0300, Alexander Chemeris wrote:
> As mentioned by Neels - https://planet.osmocom.org don't seem to have a
> valid certificate (I've only checked from my phone so far, though).

planet.osmocom.org is running on the same planet installation as
planet.openmoko.org and planet.netfilter.org, as I didn't see the point
in maintaining three different planet installations for the different
projects as I worked on them.  

There probably was never any intention to have planet.osmocom.org be
reachable via https, at least not consciously and not by me.  It is
probably simply an artefact of some other https service running on the
same IP address, completely unrelated.

If somebody wants to migrate the planet configuration to the osmocom.org
setup, let me know, I can create a tar-ball of the configuration and the
planet version that is used to generate it.

I really don't think that it is a good idea to change configuration on
the planet.{openmoko,netfilter}.org server to include a certificate for
osmocom.org.

An alternative solution might be a reverse proxy, with a https-proxy at
the osmocom server, which then forwards wia http to the real server
(openmoko)?

I also do think we have more pressing needs in the project than to spend
time on this, as the planet is a public web site anyway, with no
cookies, log-in or user authentication being transmitted.  So yes, there
is a chance of people doing MITM and modifying the content of the
planet, but is that really a threat that we care about?  Am I missing
something?

Regards,
	Harald
-- 
- Harald Welte <laforge at gnumonks.org>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)