Re: bigsql installer's SSL certificate expired

On 4/29/19 3:52 PM, Jonathan S. Katz wrote:
> On 4/29/19 3:05 PM, Jonathan S. Katz wrote:
>> On 4/29/19 2:51 PM, Daniel Gustafsson wrote:
>>> On Monday, April 29, 2019 8:33 PM, Andres Freund <andres(at)anarazel(dot)de> wrote:
>>>
>>>> Hi,
>>>>
>>>> While looking up wether the bigsql installer still supports 32bit
>>>> windows (yes, I feel I need to justify that ;)), I just noticed that the
>>>> link from
>>>> https://www.postgresql.org/download/windows/
>>>> leads to
>>>> https://www.bigsql.org/postgresql/installers.jsp/
>>>>
>>>> and that I get an invalid cert warning there. Which seems accurate:
>>>>
>>>> Issued On Wednesday, March 28, 2018 at 5:00:00 PM
>>>> Expires On Monday, April 29, 2019 at 5:00:00 AM
>>>>
>>>> So, right now our download page links to something that'll look like a
>>>> security issue to many.
>>
>> Yeah, those are not great optics.
>>
>>> Considering how browsers deal with expired certificates, I am in favour of
>>> temporarily removing the links until the certificate has been updated.
>>
>> I would prefer not to have to go down this path (patch pgweb to hide,
>> and hopefully then repatch pgweb to not hide) but I'm ok with it if it's
>> not fixed quickly, per above points.
>
> Swapping contact info so people can see emails.
>
> Per some off-list conversations, the BigSQL team said they should have
> the cert updated by today by 5pm EDT. I'm ok with giving them until then
> before disabling the URLs.
>
> I have the patch ready, and will push @ 5 should the cert not be updated.

Unfortunately the deadline has not been met, so I have remove the links
for the time being.

Jonathan