On 2016/10/01 4:23, Ralph Giles wrote:
The change was announced here and on firefox-dev a few weeks ago. See
for example
https://groups.google.com/d/msg/mozilla.dev.platform/LOC83qKUPfk/cZtmaEbOAwAJ
Obviously I missed it during a busy trip. Thank you.
(It would be nice to have the announcement on dev-apps-thunderbird and
dev-builds ML as well. I would have noticed this if all these MLs have
the announcement...)
It might be nice if `mach mercurial-setup` did this kind of update?
As Gregory Szorc <g...@mozilla.com> already noted, it is an egg and
chicken problem. As a matter of fact, I tried "mach mercurial-setup"
just in case, and bumped into the already outdated cert issue since
the data/code used by mach mercurial-setup is taken from hg.mozilla.org.
My |hg| is 3.9.1, but I am not sure if my Python is new enough so that
the security handling mentioned by Gregory works or not.
Short of automation and one-time announcement,
it may be a good idea to have a secure web page that lists the latest
fingerprint of certs used by major mozilla servers that users interact
with DIRECTLY (bugzilla and hg come to my mind.)
Then many of us can calmly check the fingerprints for the servers when
some mismatch is reported by tools like ssh/https-related tools, and
decide to update the local check/verification data assuming that they
have missed the update announcements.
TIA
-r
On Fri, Sep 30, 2016 at 12:18 PM, ISHIKAWA,chiaki <ishik...@yk.rim.or.jp> wrote:
In the last few days, hg.mozilla.org certificate fingerprint seems to have
changed.
I noticed this because the trial to update local copy of mozilla-central
repository within C-C repository failed due to
m-central/mozilla', 'https://hg.mozilla.org/mozilla-central/']
pulling from https://hg.mozilla.org/mozilla-central/
abort: certificate for hg.mozilla.org has unexpected fingerprint
73:7f:ef:ab:68:0f:49:3f:88:91:f0:b7:06:69:fd:8f:f2:55:c9:56
(check hostfingerprint configuration)
But I did not see any announcement of this change.
(It is possible that I missed it during a hectic schedule during a trip).
However, it is great to see a posting of such major infra change in advance,
especially security-related one.
Finally, I bit the bullet and changed it, but checked bugzilla
just in case, and found
https://bugzilla.mozilla.org/show_bug.cgi?id=1305909
which seems to be related.
Automation is nice, but I still would like to see an announcement of server
certificate change in advance.
TIA
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
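The check proposed in the reply above, sketched as an added example that is not part of the original thread or of Mercurial's own code: when the pinned fingerprint stops matching, compare the certificate against an independently published list before updating the local pin. The function names and the certificate bytes are constructed for illustration, and the published list stands in for the secure web page the reply asks for.

```python
import configparser
import hashlib
import re

def fingerprint(der: bytes) -> str:
    """SHA-1 of the DER certificate, colon-separated as in hg's abort message."""
    digest = hashlib.sha1(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp: str) -> str:
    """Drop separators and case so differently formatted copies compare equal."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())

def pinned(hgrc_text: str, host: str) -> list:
    """Fingerprints pinned for host in the [hostfingerprints] section of an hgrc."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(hgrc_text)
    value = cp.get("hostfingerprints", host, fallback="")
    return [normalize(v) for v in re.split(r"[,\s]+", value) if v]

def triage(der: bytes, hgrc_text: str, host: str, published: list) -> str:
    """Classify the certificate a server presented against local and published pins."""
    seen = normalize(fingerprint(der))
    if seen in pinned(hgrc_text, host):
        return "pinned-ok"      # local pin still matches
    if seen in [normalize(p) for p in published]:
        return "pin-stale"      # announced rotation was missed: update the pin
    return "mismatch"           # matches nothing trusted: do not update the pin

# Constructed sample data: these byte strings stand in for DER certificates.
OLD_CERT = b"constructed stand-in for the previous DER certificate"
NEW_CERT = b"constructed stand-in for the rotated DER certificate"
OTHER_CERT = b"constructed stand-in for an unannounced certificate"
HOST = "hg.mozilla.org"
HGRC = "[hostfingerprints]\n" + HOST + " = " + fingerprint(OLD_CERT) + "\n"
PUBLISHED = [fingerprint(NEW_CERT).upper()]  # as listed on the trusted page

if __name__ == "__main__":
    for name, cert in [("old", OLD_CERT), ("new", NEW_CERT), ("other", OTHER_CERT)]:
        print(name, fingerprint(cert), triage(cert, HGRC, HOST, PUBLISHED))
```

The published list is only as trustworthy as the channel it was fetched over, so it has to come from somewhere other than the connection whose certificate is in question.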