On Sat, Sep 01, 2018 at 06:21:05PM +0000, Debian Bug Tracking System wrote:
>
> There's no reportbug.debian.org website, so it shouldn't have a SAN on
> 443.

and yet it does exist: http://reportbug.debian.org/ shows:

    Welcome to buxtehude!
    This is buxtehude, a system run by and for the Debian Project. She does
    stuff. What kind of stuff and who our kind sponsors are you might learn
    on db.debian.org.
    DSA

https://reportbug.debian.org (once you tell your browser to ignore the
invalid certificate) also exists, serving a 301 page.

>
> It happens to have the same IP address as bugs.debian.org, but that's
> OK, not all CNAMEs have websites. [Its purpose is to point at the place
> that accepts reportbug mail so that we can control that location through
> DNS rather than to software updates in the field.]

The content is not the same as bugs.debian.org; see above. That means
that someone explicitly set up 2 vhosts for reportbug.debian.org.

> We don't currently bother with the CA mafia for signing TLS certificates
> for SMTP, because there's not much point to this. [And since the entire
> content of the message is going to be public anyway, it doesn't make
> much sense.]

Thus missing two of the main reasons for TLS, authentication and message
integrity verification. LetsEncrypt certificates are free, and used
elsewhere by the debian.org website, so it's not really the CA mafia.
Again, someone went to all the trouble of making a custom certificate for
buxtehude smtp, complete with Ankh Morpork, so you can't really say you
don't bother with it. If you truly didn't care, why not just keep the
default, e.g. "Internet Widgits Pty Ltd"?

--
Brian Minton
brian at minton dot name
https://brian.minton.name
Live long, and prosper longer!
OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9