Custom Query (196 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (34 - 36 of 196)

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
Ticket Owner Reporter Resolution Summary
#341 adehnert duplicate Keep updated our supported autoinstallers
Description

We currently have several autoinstallers that aren't up-to-date with their upstream. We should keep them updated.

Some options include:

  • making updating things easier, through technical measures and/or better documenting Wizard
  • make this a non-issue by desupporting a bunch of autoinstallers (at the moment, this would probably mean gallery2 and phpbb, since MediaWiki? and WordPress? are uber-popular, and Git, Trac, TurboGears?, Django, and Rails probably all just ~symlink to Fedora packages)
  • make this less of an issue by advertising two tiers of support, and relegating the things we barely care about and suck at updating to a lower tier of support
#371 achernya fixed SMTP should be checked on a realserver properly
Description

Currently, the directors check port 25 on each machine to see if postfix is running. This is bad, since it means we can't nolvs a machine and prevent it from also handling mail. Mitch wrote patches a few years ago that use the nagios ldap check and provide the smtp service that heartbeat can ping. This allows us to nolvs a machine and have it drop out of all services, meaning we can temporarily take a wedged machine out of the pool for debugging.

#400 andersk fixed SHA-1 certificates from mitcert since 2013 will be degraded by Chrome
Description

davidben points out that Chrome will be degrading SHA-1 certificates valid past 2016-01-01:

The following changes to Chromium's handling of SHA-1 are proposed:

  • All SHA-1-using certificates that are valid AFTER 2017/1/1 are treated insecure, but without an interstitial. That is, they will receive a degraded UI indicator, but users will NOT be directed to click through an error page.
  • Additionally, the mixed content blocker will be taught to treat these as mixed content, which WILL require a user action to interact with.
  • All SHA-1-using certificates that are valid AFTER 2016/1/1 are treated as insecure, but without an interstitial. They will receive a degraded UI indicator, but will NOT be treated as mixed content.

This seems to include all certificates that mitcert/InCommon has issued (and continues to issue!) since 2013-01-01, since they have a three year expiration date.

So we’re going to need to replace all these certificates soon. This might also be a good excuse to move to a 2048-bit private key (because a 4096-bit certificate signed by 2048-bit CAs provides no security benefit and is noticeably slower).

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
Note: See TracQuery for help on using queries.