-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed 01 May 2013 11:15:30 AM EDT, Till Maas wrote:
Hi,
On Tue, Mar 05, 2013 at 05:19:50PM -0700, Kevin Fenzi wrote:
> More information is available at:
>
>
https://fedoraproject.org/wiki/OpenID
I hope that nobody used that until now, otherwise I am disappointed
that nobody noticed before me that Firefox does not properly
validate
https://id.fedoraproject.org/
saying "your connection to the site is only partially encrypted and
does not prevent eavesdropping". I assume the problem is this entry
from the CSS file:
@import
url(http://fonts.googleapis.com/css?family=Cantarell:400,700);
And this opens the question why a central Fedora service is using
third party, probably non-FOSS services leading only to less
security.
Regards Till
This has been noticed and fixed. It should be going into production
soon (it's in staging now).
https://github.com/fedora-infra/fas-openid/issues/14
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlGBW3AACgkQeiVVYja6o6ObMQCePql1z8zLXGdfagt/MlJdJupN
24sAn1vjuOaXiaAe7vKmgUF0fv6BfajN
=Vl6K
-----END PGP SIGNATURE-----