[Pidgin] #15280: Upgrade webserver for pidgin.im and consistent ssl support?

Pidgin trac at pidgin.im
Mon Aug 27 01:57:06 EDT 2012

#15280: Upgrade webserver for pidgin.im and consistent ssl support?
 Reporter:  ioerror   |        Owner:  datallah
     Type:  task      |       Status:  new     
Milestone:            |    Component:  trac    
  Version:            |   Resolution:          
 Keywords:  sysadmin  |  

Comment(by kstange):

 The problem with doing this is for each hostname we have, it requires a
 separate certificate or a wildcard certificate, and possibly multiple IPs.
 SSL certificates cost money, and we are a non-profit with no wish to spend
 money where it is not needed.  We also have pidgin.im and
 developer.pidgin.im on different hosts, there's no SSL configured at all
 on the former.

 I am in favor of protecting trac generally and I think the consensus is
 that we will do this when we upgrade our server, which we hope to do soon,
 but I don't think protecting pidgin.im really gains much.  SSL-enabled
 servers are easier to overload due to the higher resource requirements of
 an SSL transaction and pidgin does not have a very powerful
 infrastructure, given it's entirely provided by donation.

 SSL is good, but I don't think HTTPS-Everywhere is reasonable or even
 helpful.  SSL where you submit data is a good practice, but when your data
 has no security implications, what does it matter?  What does it matter if
 someone MITM's someone submitting an open source patch to our publicly
 visible tracker?

 I'm being overly simplistic.  We certainly care if someone has managed a
 man in the middle attack in front of our server, but it isn't a
 universally harmful situation and not everything needs to be encrypted.

 If you are indeed just looking for trac to no longer redirect to HTTP,
 that is something we'll look to resolve, but I don't think the rest is

Ticket URL: <http://developer.pidgin.im/ticket/15280#comment:6>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list