On Sun, Jan 06, 2013 at 07:08:08PM -0500, Jeremy L. Gaddis wrote:
> * Luca Filipozzi <lfili...@debian.org> wrote:
> > Please recall our recent email regarding the moinmoin [1] vulnerability [2]
> > and the penetration of Debian's wiki [3]. We have reset all password hashes
> > and sent individual notification to all Debian wiki account holders with
> > instructions on how to recover (and thereby reset) their passwords [4].
> > More technical details about the attack are available [5].
>
> [snip]
>
> Thanks, I just reset the password on my account only to realize that
> SSL is not being used by default on wiki.d.o.

Yes. :/

> Surely this will be fixed in the very near future?

DSA and DWA are in discussion about enforcing encryption at all
authentication points. We're currently debating the pros/cons of using a
commercial SSL cert vs a Debian SSL cert.

Given the dubious value of commercial certificates, I'm in favour of the
latter but I appreciate that some users will find the browser warnings to be
confusing. OTOH, I'd argue that if one wishes to maintain content at
wiki.debian.org, then one should understand the basics of PKI.

What do you think?

Thanks,

Luca

DSA = Debian System Administration Team
DWA = Debian Wiki/Web Administration Team (my coinage)

--
Luca Filipozzi
Member, Debian System Administration Team