Bug 2113

Summary: Buildroot bugzilla has unsigned or invalid HTTPS cert
Product: Busybox Reporter: Mitch Davis <mjd+busybox.net>
Component: OtherAssignee: unassigned
Status: RESOLVED WONTFIX    
Severity: minor CC: busybox-cvs
Priority: P5    
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Host: Target:
Build:
Attachments: What visitors to bugs.busybox.net see (1)
What visitors to bugs.busybox.net see (2)

Description Mitch Davis 2010-06-25 12:49:11 UTC 
Created attachment 2101 [details]
What visitors to bugs.busybox.net see (1)

Hi guys,

It's a bit disconcerting to visit bugs.busybox.net and see it doesn't have a certificate recognised by the majority of browsers (see attached).  Others may feel the same and wonder if the site is legitimate.

Did you know that GoDaddy gives free 1-year HTTPS certificates to open source projects?

  https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp

I hope this helps.

Mitch.
Comment 1 Mitch Davis 2010-06-25 12:49:53 UTC 
Created attachment 2107 [details]
What visitors to bugs.busybox.net see (2)
Comment 2 Denys Vlasenko 2010-08-11 23:28:45 UTC 
I don't think bugzilla's data is that sensitive that I need to bother our service provider with this. Sorry.
Comment 3 Mitch Davis 2010-08-11 23:39:50 UTC 
Denys, maybe you've missed the point.

If the data isn't sensitive, take the certificate off.  If we need a cert, get a free one that doesn't annoy users.

Having the cert warning message is annoying and looks like a scam.  Do we really want to paint that picture?
Comment 4 Denys Vlasenko 2010-08-12 00:03:10 UTC 
(In reply to comment #3)
> Denys, maybe you've missed the point.
> 
> If the data isn't sensitive, take the certificate off.  If we need a cert, get
> a free one that doesn't annoy users.

Well, I asked the provider about it, and that was their answer - "the data isn't sensitive enough for it".

Since they host busybox site *for free*, I really don't feel it is right to *insist* they work more to satisfy my whims.
Comment 5 Mitch Davis 2010-08-12 00:44:28 UTC 
Ok I understand that.

If this is the case, can we remove HTTPS access?
Comment 6 Mitch Davis 2010-08-12 00:45:18 UTC 
Scratch that idea.  I've suggested a way forward that is both free and easy, but if there is no will to make it happen, let's not worry about it further.

I give up.