[scribus] Scribus Websites use a self-signed SSL certificate
O. Moskalenko
malex at scribus.net
Fri Jun 24 23:43:16 UTC 2011
* Barry McKenna <bmcken at pobox.com> [2011-06-24 14:57:02 -0700]:
> Re: my post above on the cursor/frame issue:
>
> I went to Mantis, intending to get the # for that report that I
> filed and my Firefox was giving me major warnings about the security
> of the Mantis:
>
> Untrusted connection.
>
> bugs.scribus.net uses an invalid security certificate.
>
> The certificate is not trusted because it is self-signed.
>
> (Error code: sec_error_untrusted_issuer)
>
> Even if you trust the site, this error could mean that someone is
> tampering with your connection.
>
> Don't add an exception unless you know there's a good reason why
> this site doesn't use trusted identification.
>
> Barry McKenna
To Barry and anyone else who is wondering what's happening here is the
official explanation from the team. All Scribus websites available through a
secure connection use our self-signed SSL certificate. Therefore, every
browser will warn you about it in the worst way possible as they don't appear
to have any good ideas about presenting correct certificate information. They
show a scary-looking blanket alert that may make it look as if something
malicious was going on. If you think logically about it you can pull up the
details of the certificate and actually see that it is signed by the Scribus
Team. We are not going to pay a lot of money for a commercially signed
certificate just to remove the browser warning. If anyone thinks that
certificates signed by an outside authority are any safer then they have not
been reading the news where a new breach at a certificate authority seems to
be disclosed every few weeks. There is no silver bullet. You have to do your
own thinking. If you think using a self-signed certificate for an SSL
connection is less safe then sending you password in the clear then go ahead
and switch from https to http to avoid the browser warning. I've re-enabled
the plain http access for bugs.scribus.net.
Regards,
Alex who actually generated and signed the certificate.
More information about the scribus
mailing list