[scribus] Scribus Websites use a self-signed SSL certificate

[Barry McKenna]

> To Barry and anyone else who is wondering what's happening here is the
> official explanation from the team. All Scribus websites available through a
> secure connection use our self-signed SSL certificate. Therefore, every
> browser will warn you about it in the worst way possible as they don't appear
> to have any good ideas about presenting correct certificate information. They
> show a scary-looking blanket alert that may make it look as if something
> malicious was going on. If you think logically about it you can pull up the
> details of the certificate and actually see that it is signed by the Scribus
> Team. We are not going to pay a lot of money for a commercially signed
> certificate just to remove the browser warning. If anyone thinks that
> certificates signed by an outside authority are any safer then they have not
> been reading the news where a new breach at a certificate authority seems to
> be disclosed every few weeks. There is no silver bullet. You have to do your
> own thinking. If you think using a self-signed certificate for an SSL
> connection is less safe then sending you password in the clear then go ahead
> and switch from https to http to avoid the browser warning. I've re-enabled
> the plain http access for bugs.scribus.net.
>
> Regards,
>
> Alex who actually generated and signed the certificate.

Alex,

Thanks for this explanation and for all of the work you 
bring to Scribus.

I was particularly concerned because I have used Mantis a 
number of times over the past few years and never saw any 
such warning. Your explanation is helpful and your reasoning 
about the issue is excellent.

Barry McKenna