On 4/29/19 3:05 PM, Jonathan S. Katz wrote:
> On 4/29/19 2:51 PM, Daniel Gustafsson wrote:
>> On Monday, April 29, 2019 8:33 PM, Andres Freund <andres@anarazel.de> wrote:
>>
>>> Hi,
>>>
>>> While looking up wether the bigsql installer still supports 32bit
>>> windows (yes, I feel I need to justify that ;)), I just noticed that the
>>> link from
>>> https://www.postgresql.org/download/windows/
>>> leads to
>>> https://www.bigsql.org/postgresql/installers.jsp/
>>>
>>> and that I get an invalid cert warning there. Which seems accurate:
>>>
>>> Issued On Wednesday, March 28, 2018 at 5:00:00 PM
>>> Expires On Monday, April 29, 2019 at 5:00:00 AM
>>>
>>> So, right now our download page links to something that'll look like a
>>> security issue to many.
>
> Yeah, those are not great optics.
>
>> Considering how browsers deal with expired certificates, I am in favour of
>> temporarily removing the links until the certificate has been updated.
>
> I would prefer not to have to go down this path (patch pgweb to hide,
> and hopefully then repatch pgweb to not hide) but I'm ok with it if it's
> not fixed quickly, per above points.
Swapping contact info so people can see emails.
Per some off-list conversations, the BigSQL team said they should have
the cert updated by today by 5pm EDT. I'm ok with giving them until then
before disabling the URLs.
I have the patch ready, and will push @ 5 should the cert not be updated.
Thanks,
Jonathan