Re: bigsql installer's SSL certificate expired

Hi,

On 2019-04-29 15:52:54 -0400, Jonathan S. Katz wrote:
> On 4/29/19 3:05 PM, Jonathan S. Katz wrote:
> > On 4/29/19 2:51 PM, Daniel Gustafsson wrote:
> >> On Monday, April 29, 2019 8:33 PM, Andres Freund <andres(at)anarazel(dot)de> wrote:
> >>> While looking up wether the bigsql installer still supports 32bit
> >>> windows (yes, I feel I need to justify that ;)), I just noticed that the
> >>> link from
> >>> https://www.postgresql.org/download/windows/
> >>> leads to
> >>> https://www.bigsql.org/postgresql/installers.jsp/
> >>>
> >>> and that I get an invalid cert warning there. Which seems accurate:
> >>>
> >>> Issued On Wednesday, March 28, 2018 at 5:00:00 PM
> >>> Expires On Monday, April 29, 2019 at 5:00:00 AM
> >>>
> >>> So, right now our download page links to something that'll look like a
> >>> security issue to many.
> >
> > Yeah, those are not great optics.
> >
> >> Considering how browsers deal with expired certificates, I am in favour of
> >> temporarily removing the links until the certificate has been updated.
> >
> > I would prefer not to have to go down this path (patch pgweb to hide,
> > and hopefully then repatch pgweb to not hide) but I'm ok with it if it's
> > not fixed quickly, per above points.
>
> Swapping contact info so people can see emails.
>
> Per some off-list conversations, the BigSQL team said they should have
> the cert updated by today by 5pm EDT. I'm ok with giving them until then
> before disabling the URLs.

I think BigSQL should also communicate on-list about this.

Greetings,

Andres Freund