I notice the wiki runs on a secure site. Can't the powers that be sort out the certificate for that site? I keep getting 'certificate can't be verified' messages when I visit.

BTW this may be the wrong group but I can't find a more appropriate one.

m.

I notice the wiki runs on a secure site. Can't the powers that be sort out the certificate for that site? I keep getting 'certificate can't be verified' messages when I visit.

BTW this may be the wrong group but I can't find a more appropriate one.

m.

If you mean the official wiki - then you would be correct, we have nothing to do with the official wiki - and ironically enough, you'd have to leave a comment on the wiki to let them know there is a problem.

They have always used a self-signed certificate.

In firefox you can just choose to always accept the cert to bypass future warnings if you wish..

Hmmm...just thought of something. I'm on XP right now, but have they added themselves to the cert list on the browsers that come with Breezy so that doesn't pop up?

In firefox you can just choose to always accept the cert to bypass future warnings if you wish..

But the idea of certificates is that they should be traceable to one held by a trusted authority (like Verisign) and they should be current. Bypassing this check means that the security is compromised. If we don't need it why have the wiki on a secure site? If the doc people on Ubuntu can't get this elementary security right, can we trust the Operating System to be secure? It just creates the wrong impression.

m.

If the doc people on Ubuntu can't get this elementary security right, can we trust the Operating System to be secure? .

http://en.wikipedia.org/wiki/Thawte
Thawte Consulting is a certificate authority (CA) for X.509 certificates. Thawte was founded in 1995 by Mark Shuttleworth in South Africa and is the second largest public CA on the Internet.

In 1999 VeriSign acquired Thawte in a stock purchase from Shuttleworth for $575 million US dollars and thereby enabled Shuttleworth to become the second space tourist.




It just creates the wrong impression.

m.

I agree. I think it is a question of the conditions of the sale...

I agree that it's not ideal ATM. The reason it uses a secure connection though is that the wiki authenticates users at Launchpad, which uses https. If someone were to capture your password when you logged in they would have your Launchpad password, which gives access to all the Ubuntu sites and more.

However, since the wiki uses a cookie to auto log you in, the secure connection shouldn't be rquired after you've registered. I'll discuss this with the Launchpad people.