[scribus] Scribus Websites use a self-signed SSL certificate

Barry McKenna bmcken at pobox.com
Sat Jun 25 00:02:37 UTC 2011


> To Barry and anyone else who is wondering what's happening here is the
> official explanation from the team. All Scribus websites available through a
> secure connection use our self-signed SSL certificate. Therefore, every
> browser will warn you about it in the worst way possible as they don't appear
> to have any good ideas about presenting correct certificate information. They
> show a scary-looking blanket alert that may make it look as if something
> malicious was going on. If you think logically about it you can pull up the
> details of the certificate and actually see that it is signed by the Scribus
> Team. We are not going to pay a lot of money for a commercially signed
> certificate just to remove the browser warning. If anyone thinks that
> certificates signed by an outside authority are any safer then they have not
> been reading the news where a new breach at a certificate authority seems to
> be disclosed every few weeks. There is no silver bullet. You have to do your
> own thinking. If you think using a self-signed certificate for an SSL
> connection is less safe then sending you password in the clear then go ahead
> and switch from https to http to avoid the browser warning. I've re-enabled
> the plain http access for bugs.scribus.net.
>
> Regards,
>
> Alex who actually generated and signed the certificate.

Alex,

Thanks for this explanation and for all of the work you 
bring to Scribus.

I was particularly concerned because I have used Mantis a 
number of times over the past few years and never saw any 
such warning. Your explanation is helpful and your reasoning 
about the issue is excellent.

Barry McKenna



More information about the scribus mailing list