|
Boost : |
Subject: Re: [boost] boost.org https certificate expired 4 month ago
From: Marcin Zalewski (marcin.zalewski_at_[hidden])
Date: 2015-08-14 10:11:15
On Fri, Aug 14, 2015 at 2:51 AM Vladimir Prus <vladimir.prus_at_[hidden]>
wrote:
> On 12-Aug-15 12:38 AM, Niall Douglas wrote:
> > On 11 Aug 2015 at 1:36, Klaim - Joël Lamotte wrote:
> >
> >>> I noticed today that the https of boost.org is expired, and should
> have a
> >>> new certificate:
> >>> https://www.ssllabs.com/ssltest/analyze.html?d=boost.org
> >>>
> >>
> >> My understanding is that the process to renew the certificate was
> started
> >> few months ago but
> >> got nowhere. Not totally sure why though.
> >> The last status report from the steering committee is available there:
> >> http://permalink.gmane.org/gmane.comp.lib.boost.steering/126
> >
> > We have a new SSL cert, and have had for some months.
> >
> > The problem is installing it. We no longer have root access to the
> > server in question and I understand the person who had root access
> > isn't responding to email.
>
> It's unfortunate that the Steering Committee had not taken a decisive
> action here - either reaching other people at OSL - or deciding
> that we've lost webserver access completely, and need to start over.
>
As I said in my previous email, there was an exchange between our admin and
boost. The certificate was delivered to us, but it was incomplete, missing
the key. We asked for the key, but the email thread broke off, and we never
got the necessary files. If someone has all the necessary files, we can get
the key installed today. If nobody has the files and we should get the
certificate ourselves, we are open to that.
> > We would move to new servers, but need root access to copy off all
> > the existing data. So we keep pinging emails, and hope one day the
> > person in question replies.
>
> How about starting a new server, configuring nginx to proxy to the
> current server by IP address, and changing DNS to point to the new server?
> SSL will be handled by the new server.
>
I suggest that if someone actually has all the necessary files, we can
install them directly on the server.
> This is why we need a dedicated employed person to do this stuff,to
> > keep migration plans and plan upkeep so getting orphaned from access
> > never occurs in the first place, and even if it did there is a live
> > offsite backup configured using docker/drbd etc we can replicate
> > from. The steering committee can only authorise that spending if
> > there is consensus from boost-dev that someone should be employed to
> > do this stuff, until that happens this situation will keep recurring
> > into the future with no end in sight.
>
> Lots of open-source project manage to have a website without employing
> anybody. I think the problem is really access, not employment.
>
Again, we have a full time sys admin that can do whatever is necessary.
> - Volodya
>
>
> _______________________________________________
> Unsubscribe & other changes:
> http://lists.boost.org/mailman/listinfo.cgi/boost
>
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk