openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <>
Subject Re: call for help to test AOO www and AOO wiki (certificates for *.o.o)
Date Sun, 27 Oct 2013 12:34:25 GMT
On Sun, Oct 27, 2013 at 4:05 AM, janI <> wrote:
> On 27 October 2013 02:58, Ariel Constenla-Haile <> wrote:
>> On Sat, Oct 26, 2013 at 09:30:06PM -0400, Rob Weir wrote:
>> > On Sat, Oct 26, 2013 at 5:05 PM, Ariel Constenla-Haile
>> > <> wrote:
>> > > On Sat, Oct 26, 2013 at 10:54:59PM +0200, janI wrote:
>> > >> Hi.
>> > >>
>> > >> now accept both http: and https: as announced
>> > >> earlier.
>> > >>
>> > >> We have however seen that e.g. product.css contain image tag with
>> > >> http://xxx.  All references must be relative (without http: and
>> > >> https:). I hope the web admins can do make the needed changes.
>> > >
>> > > There are 26,349 matches of "" in
>> > > ooo-site.
>> > >
>> >
>> > We *are not* going to change to a system that requires that links to
>> > are all https.  I hope that is not what is being
>> > suggested.  Remember, we have 10's of thousands of *external* links to
>> > our website that we do control and cannot change.
>> >
>> > Please someone, tell me that this is not what is being suggested here.
> No its not, as I wrote in the part you quote, will
> continue to have https: but also https: as pr request from the project.
> But if I might remind you sent a mail to infra, asking why https: was not
> implemented for, which I and pctony responded to.
> And if you look at INFRA-6608, you will see a comment from andrea 3 August:
> "And we will want to use it, even though there is no authentication there,
> for
> http(s)://
> (this is mainly because we receive a steady, even if low, amount of
> complaints from users who cannot browse our main site on HTTPS). "
> We infra have done exactly as the project asked us to do according to
> INFRA-6608, and that is not correct ??

There is nothing wrong, IMHO, with supporting https for  There is nothing wrong, IMHO, with *not*
supporting https for as well.  The problem has been
the confusion caused to users when they get an error about an invalid
certificate when using https with www.openoffice, due to the certificate previously associated with it.  The mismatch
was the issue.  But it should be sufficient to support https on
request for the www subdomain.  We don't have any security reason to
have it be the default for the static website, or at least none that I
know of.

So that is the question:  support https versus automatically
redirecting http to https.

My concern, as stated, was regarding the stability of external URLs
using http and whether they would continue to resolve.   I wanted to
have some discussion before we started to make bulk edit changes to
thousands of web and wiki pages.  I don't think this request was

> I actually never understood why https: was wanted on,
> but it was not a problem to do it, so it was done.

Hopefully what I wrote above clarifies.

> today is a  day where I am less proud of being AOO-PMC. We (AOO) have been
> after infra to get a certificate and get it implemented. Yesterday mark
> took a big chunk of time and with some help from me, got it implemented. I
> think infra should have a "thank you", instead !
> I have of course a double heart in this situation, but I am sure this is
> not a good way, to work together.

Jan, you don't live in a question-free zone.  No one's actions in this
project are immune from other project members expressing opinions or
asking questions.  Understanding that and accepting that is a good way
to work together.

And thanks for your efforts. They are, as always, greatly appreciated.


> rgds
> jan I.
>> were you have href="", it should
>> be href="/some_resource" (nothing crazy, but a good practice).
>> Grepping href=["'] gives 25,026 matches.
>> Regards
>> --
>> Ariel Constenla-Haile
>> La Plata, Argentina

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message