Re: jabber.gnome.org: a proposal

From: Andrea Veri <av gnome org>
To: Foundation List <foundation-list gnome org>
Subject: Re: jabber.gnome.org: a proposal
Date: Thu, 14 Mar 2013 12:34:10 +0100

There's a specific kind of SSL certificate to be set up in this case, you just can't use the same certificate used by a web server for example. Our CA gives us the possibility to issue a jabber-specific-certificate without any burden. The main blockers I currently see are:

1. SSL, is it really broken? the Openfire team released 3.8.1 on the 3rd of March 2013, is that version still broken or supposed to be in regard of SSL?

2. should we integrate it with LDAP as we do now? this is indeed nice but it takes in some security exposures, also there is no easy way for Foundation members without a Git account to request their password reset on their own (all the resets should be done by hand by me)

3. Foundation members need to be added on LDAP (still), thus there is no easy way for the server to authenticate an user against a specific LDAP entry, so ideally even someone not being a Foundation member (but with a git account and an LDAP password for the user) could connect to jabber.gnome.org.

This takes in another problem, is the service supposed for Foundation members or for the "big public"? (where "big public" means all the GNOME contributors having a Git account)

2013/3/14 Olav Vitters <olav vitters nl>

On Tue, Mar 12, 2013 at 09:26:33AM +0100, Bastien Nocera wrote:
> to maintain the OpenFire Jabber server. First, as Olav mentioned,
> there's no SSL support for a service where you would expect privacy.

There is SSL. Just that:
1) they broke it in a newer version and never fixed it in any
reasonable timeframe (3 months)
2) getting the certificate installed was a complete mess. Had to convert
the standard certificate in some terrible format and took a lot of
effort to figure out.

Current server does SSL IIRC. Though maybe by now it expired again.

What I had to go through for SSL:
https://bugzilla.gnome.org/show_bug.cgi?id=592836#c8

Couldn't quickly see the bug about openfire messing up their SSL
support. 'Fix' was easy though, downgrading.

--
Regards,
Olav

_______________________________________________
foundation-list mailing list
foundation-list gnome org
https://mail.gnome.org/mailman/listinfo/foundation-list

--
Cheers,

Andrea

Debian Developer,
Fedora / EPEL packager,
GNOME Sysadmin,
GNOME Foundation Membership & Elections Committee Chairman

Homepage: http://www.gnome.org/~av

Follow-Ups:
- Re: jabber.gnome.org: a proposal
  - From: Shaun McCance

References:
- jabber.gnome.org: a proposal
  - From: Shaun McCance
- Re: jabber.gnome.org: a proposal
  - From: Bastien Nocera
- Re: jabber.gnome.org: a proposal
  - From: Olav Vitters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]