[opensuse-translation] Error when using your svn server
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! Error validating server certificate for 'https://forgesvn1.novell.com:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: forgesvn1.novell.com - Valid: from Tue, 13 May 2008 15:53:14 GMT until Fri, 11 May 2018 15:53:14 GMT - Issuer: Developer Services, Novell, Inc., Provo, Utah, US - Fingerprint: 1d:c7:e7:79:fc:8a:9c:f4:c4:4c:82:af:c6:ab:d9:d8:8e:a6:c5:fc (R)eject, accept (t)emporarily or accept (p)ermanently? What do we do? Bugzilla? - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIKy8TtTMYHG2NR9URAvp7AJoC+gbT1zByVdVo+0UdYstAE/4pwACeIJ82 Eh0LBnXtWWcXcx4312dTtyo= =oAW2 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
Hi!
Error validating server certificate for 'https://forgesvn1.novell.com:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: forgesvn1.novell.com - Valid: from Tue, 13 May 2008 15:53:14 GMT until Fri, 11 May 2018 15:53:14 GMT - Issuer: Developer Services, Novell, Inc., Provo, Utah, US - Fingerprint: 1d:c7:e7:79:fc:8a:9c:f4:c4:4c:82:af:c6:ab:d9:d8:8e:a6:c5:fc (R)eject, accept (t)emporarily or accept (p)ermanently?
What do we do? Bugzilla?
This is possibly due to the bug found on Debian and Ubuntu when generating cryptographic keys. That keys have been revoked for use on several SVN that requires them. The Mandriva people said me yesterday to generate another key on another system if I want to reactivate my SVN account. Bye, Leandro Regueiro --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2008-05-15 at 13:36 +0200, Leandro Regueiro wrote:
Hi!
Error validating server certificate for 'https://forgesvn1.novell.com:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: forgesvn1.novell.com - Valid: from Tue, 13 May 2008 15:53:14 GMT until Fri, 11 May 2018 15:53:14 GMT - Issuer: Developer Services, Novell, Inc., Provo, Utah, US - Fingerprint: 1d:c7:e7:79:fc:8a:9c:f4:c4:4c:82:af:c6:ab:d9:d8:8e:a6:c5:fc (R)eject, accept (t)emporarily or accept (p)ermanently?
What do we do? Bugzilla?
This is possibly due to the bug found on Debian and Ubuntu when generating cryptographic keys. That keys have been revoked for use on several SVN that requires them. The Mandriva people said me yesterday to generate another key on another system if I want to reactivate my SVN account.
No, this is different. This is about Novell using a private certificate, and something they have changed somewhere. The problem is still active, so I'll write a bugzilla, as there was no answer here. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFILC30tTMYHG2NR9URAkHuAJ9xuUfgt5CV+rvbaU7LoPlzMha/cQCdErFf qCdgSnSELnQGbMu2pW9Qq2k= =gHL8 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2008-05-15 at 14:34 +0200, I wrote:
The problem is still active, so I'll write a bugzilla, as there was no answer here.
Bug #390746 - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFILC9btTMYHG2NR9URAsKNAJ4tvEa0kg7z2xdC0mJt6Ukr++JZSwCfR2C5 PJnbujzErjFz5yiuy79Ux80= =1+IR -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
Why don't you simply accept (press p) the new key? :-) Regards, A. Il giorno gio, 15/05/2008 alle 14.40 +0200, Carlos E. R. ha scritto:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Thursday 2008-05-15 at 14:34 +0200, I wrote:
The problem is still active, so I'll write a bugzilla, as there was no answer here.
Bug #390746
- -- Cheers, Carlos E. R.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFILC9btTMYHG2NR9URAsKNAJ4tvEa0kg7z2xdC0mJt6Ukr++JZSwCfR2C5 PJnbujzErjFz5yiuy79Ux80= =1+IR -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2008-05-15 at 15:17 -0500, Alberto Passalacqua wrote:
Why don't you simply accept (press p) the new key? :-)
Because I want to know if that is the correct procedure! If I accept as valid a changed certificate with no (independent) validation, there is no security at all. I might as well be using telnet or plain http. Perhaps the correct thing is to add a master certificate to /etc/ssl/certs and consider Novell as a valid CA. Or perhaps Novell should buy a certificate. I dunno. I dunno. So I ask. This is an enterprise level server, it is not mine, and I don't want to do anything wrong. There is a responsibility. I prefer to ask first and be told what to do. But changing a certificate from under our feet, without been told, and after much insistence, learning that I should accept for ever the certificate after comparing the fingerprint to the fingerprint posted in a wiki... a wiki, by definition, can be changed by anyone. It doesn't feel right. Maybe I'm too paranoid. Or too security conscious. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFILMDRtTMYHG2NR9URAiXVAJ9TRbRcJMME0pU0wZo1pzRObY3CNgCfVdWz F76jhtiSjKh7XMTJQHjqNxE= =KXVJ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
Why don't you simply accept (press p) the new key? :-)
Because I want to know if that is the correct procedure!
If I accept as valid a changed certificate with no (independent) validation, there is no security at all. I might as well be using telnet or plain http.
Perhaps the correct thing is to add a master certificate to /etc/ssl/certs and consider Novell as a valid CA. Or perhaps Novell should buy a certificate. I dunno.
I dunno. So I ask. This is an enterprise level server, it is not mine, and I don't want to do anything wrong. There is a responsibility. I prefer to ask first and be told what to do.
But changing a certificate from under our feet, without been told, and after much insistence, learning that I should accept for ever the certificate after comparing the fingerprint to the fingerprint posted in a wiki... a wiki, by definition, can be changed by anyone.
It doesn't feel right.
Maybe I'm too paranoid. Or too security conscious.
Hehe, we are not speaking of closed code, or of secrets things, but of translations. The worst it can happen is that you need to go back in time through SVN, in case you make a mistake. So, don't worry, and accept the certificate. As explained on bugzilla, it's the right choice. :-) Regards, Alberto --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
"Carlos E. R."
But changing a certificate from under our feet, without been told, and after much insistence, learning that I should accept for ever the certificate after comparing the fingerprint to the fingerprint posted in a wiki... a wiki, by definition, can be changed by anyone.
It is a protected wiki page. Strong security is nice, but only where it is actually needed. -- Karl Eichwalder R&D / Documentation SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2008-05-16 at 09:11 +0200, Karl Eichwalder wrote:
"Carlos E. R." <> writes:
But changing a certificate from under our feet, without been told, and after much insistence, learning that I should accept for ever the certificate after comparing the fingerprint to the fingerprint posted in a wiki... a wiki, by definition, can be changed by anyone.
It is a protected wiki page. Strong security is nice, but only where it is actually needed.
Ok, thanks. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFILU1ttTMYHG2NR9URAjd3AJ9qrIJzfreRGUnbd1b3vMfPhubG+wCfduGO tOj92G+dc43LYfUU6czaXfk= =9Hn7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org
Am Freitag, 16. Mai 2008 01:01:33 schrieb Carlos E. R.:
It doesn't feel right.
Maybe I'm too paranoid. Or too security conscious. I had the same intension - so I think you did the right thing.
The point of a certificat is to give security, otherwise we could use plaintext, which is still fine for translations. But we're using SVN with all the authentification stuff, where I prefer a bit security. So even if we're not working on highly security dependent material, it's still important for as (at least for me an as it seems to Carlos too), to get informed. So asking is the right thing to do :) -- Greetings Michael
participants (6)
-
Alberto Passalacqua -
Carlos E. R. -
Carlos E. R. -
Karl Eichwalder -
Leandro Regueiro -
Michael Skiba