On Wed, Jun 20, 2007 at 03:30:04AM +0000, Taylor R Campbell wrote: > Date: Wed, 20 Jun 2007 00:36:19 +0200 > From: Sylvain Beucler <[EMAIL PROTECTED]> > > Yes, the page had links to download outdated certificates from last > year (the fingerprints are up-to-date). > > Thanks! I forgot to check the expiration dates on the certificates > while I was examining them; that would have been a rather obvious > tip-off. > > I fixed the page and added instructions on how to display/check the > certificates using GnuTLS, and also how to extract the certificate out > of the running server. > > Excellent, this is very helpful. > > There are a few HTML errors in that page now (or were there before): > > . mismatched <h2>Certificates</h1> at the top; > . superfluous </a> in the list of certificates, in the entry for > cvs.*gnu.org; > . doubled, unclosed heading: <h2>Check for yourself!<h2>; > . non-escaped angled-brackets in the GnuPG output surrounding email > addresses -- `<[EMAIL PROTECTED]>' instead of `<[EMAIL PROTECTED]>' -- > and in shell examples -- `certool -i < savannah.gnu.org.crt' instead > of `certool -i < savannah.gnu.org.crt'; and > . doubled, unclosed anchor: <a href="...certtool.html">doc<a>. > > I can fix all this and send a corrected page if you'd like.
Thanks, I fixed them (and a couple others with use of HTML Tidy). > Also, I wonder whether it might be worth mentioning that if the pages > are downloaded with `curl', the authenticity of the server can be > implicitly checked simply by specifying `ca.crt' with the `--cacert' > option; that is, after fetching `ca.crt', one can run `curl --cacert > ca.crt -O http://savannah.gnu.org/tls/....crt'. There may be a > similar option for `wget', but I don't know. You need to use https :) But well, I think people either already know that or use Firefox/Konqueror/etc. to do so. > Finally, it's a little confusing to have a file named > `cvs.*gnu.org.crt', even though it works on Unix. I suspect that it > may not work on Windows, but I don't know for certain -- haven't > touched a Windows machine in over a decade! --, and I don't know > whether you folks care about that. It can be mildly flummoxing to > have to deal with escaping the asterisk in Unix shells, however. I simplifies the script to have CN==filename :) MS Woe users will probably be prompted with an edited filename before saving it to disk. -- Sylvain _______________________________________________ Savannah-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/savannah-users
