Hi, I am not sure how the creation of a self signed certificate as part of the installation of the FOSSology software improves the situation.
From a technical point of view, of course, we could even add a self signed certificate creation step in the post install operations. But, for most cases, would self signed certificates work right out of the box? – we need to know the hostname of the machine we re on … maybe this is possible, but I, just do not know how reliably you can determine the hostname. And if some is using the fossology in a localhost setup, is it helpful to create a certificate with the hostname and then the user call localhost and the certificate does not match … I am missing the possibilies here, please let me know how this could work. I have not seen a documentation (as part of the FOSSology documentation) of how to create a self signed certificate. Kind regards, Michael From: <fossology@lists.fossology.org> on behalf of "Jeremiah C. Foster" <jfos...@luxoft.com> Date: Wednesday, 1. April 2020 at 18:43 To: "fossol...@fossology.org" <fossol...@fossology.org> Subject: Re: [FOSSology] Hi I have a questions before using fossology On Tue, 2020-03-31 at 21:42 +0000, Michael C. Jaeger wrote: Hello, thanks for reaching out to us. To your questions: *) is source code leaking out from a fossology server? Answer: 1. Usually not , the fossology solution is entire self contained. You can run fossology entirely without access to the internet. The main point why you would need Internet access is about updating your OS and packages. 2. But please understand that despite the FOSSology server can run everything on its own database, it your responsibility to secure your server installation from being hacked. One first task would be to enable a connection using https. Is there documentation on doing this? I understand that there is plenty of documentation already on the internet that describes using TLS and certificates with apache and nginx, but there doesn't appear to be a ton of documentation on the way that FOSSology sets things up. For example, FOSSology does not appear add a self-signed cert which would enable https upon installation. Am I mistaken, is there more info on this? Regards, Jeremiah ________________________________ This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3345): https://lists.fossology.org/g/fossology/message/3345 Mute This Topic: https://lists.fossology.org/mt/72670290/21656 Group Owner: fossology+ow...@lists.fossology.org Unsubscribe: https://lists.fossology.org/g/fossology/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
