From: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Andres Freund <andres(at)anarazel(dot)de> |
Cc: | luss(at)amazon(dot)com, mlodj(at)amazon(dot)com, "pgsql-www(at)postgresql(dot)org" <pgsql-www(at)postgresql(dot)org>, Postgres packagers <pgsql-packagers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: bigsql installer's SSL certificate expired |
Date: | 2019-04-29 21:01:13 |
Message-ID: | a52d1b6f-4680-c4e2-8782-6b9a2173946e@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
On 4/29/19 3:52 PM, Jonathan S. Katz wrote:
> On 4/29/19 3:05 PM, Jonathan S. Katz wrote:
>> On 4/29/19 2:51 PM, Daniel Gustafsson wrote:
>>> On Monday, April 29, 2019 8:33 PM, Andres Freund <andres(at)anarazel(dot)de> wrote:
>>>
>>>> Hi,
>>>>
>>>> While looking up wether the bigsql installer still supports 32bit
>>>> windows (yes, I feel I need to justify that ;)), I just noticed that the
>>>> link from
>>>> https://www.postgresql.org/download/windows/
>>>> leads to
>>>> https://www.bigsql.org/postgresql/installers.jsp/
>>>>
>>>> and that I get an invalid cert warning there. Which seems accurate:
>>>>
>>>> Issued On Wednesday, March 28, 2018 at 5:00:00 PM
>>>> Expires On Monday, April 29, 2019 at 5:00:00 AM
>>>>
>>>> So, right now our download page links to something that'll look like a
>>>> security issue to many.
>>
>> Yeah, those are not great optics.
>>
>>> Considering how browsers deal with expired certificates, I am in favour of
>>> temporarily removing the links until the certificate has been updated.
>>
>> I would prefer not to have to go down this path (patch pgweb to hide,
>> and hopefully then repatch pgweb to not hide) but I'm ok with it if it's
>> not fixed quickly, per above points.
>
> Swapping contact info so people can see emails.
>
> Per some off-list conversations, the BigSQL team said they should have
> the cert updated by today by 5pm EDT. I'm ok with giving them until then
> before disabling the URLs.
>
> I have the patch ready, and will push @ 5 should the cert not be updated.
Unfortunately the deadline has not been met, so I have remove the links
for the time being.
Jonathan
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2019-04-30 23:19:31 | Lost emails |
Previous Message | Andres Freund | 2019-04-29 20:05:51 | Re: bigsql installer's SSL certificate expired |