Hi,
I just want to make sure that everyone is aware that the Fedora store does not have a good security rating regarding its TLS support and that the people who can fix this are aware of the problem: https://www.ssllabs.com/ssltest/analyze.html?d=redhat.corpmerchandise.com
I noticed this is a blog comment about the forgotten intermediate TLS certificate in the shop: http://blogs.gnome.org/mcatanzaro/2015/01/30/mozilla-is-responsible-for-the-...
Regards Till
We don't run corpmerchandise.com, perhaps they can help.
On Fri Feb 13 2015 at 16:34:57 Till Maas opensource@till.name wrote:
Hi,
I just want to make sure that everyone is aware that the Fedora store does not have a good security rating regarding its TLS support and that the people who can fix this are aware of the problem: https://www.ssllabs.com/ssltest/analyze.html?d=redhat.corpmerchandise.com
I noticed this is a blog comment about the forgotten intermediate TLS certificate in the shop: http://blogs.gnome.org/mcatanzaro/2015/01/30/mozilla- is-responsible-for-the-redhat-corpmerchandise-com-fiasco/
Regards Till -- marketing mailing list marketing@lists.fedoraproject.org List info or to change your subscription: https://admin.fedoraproject.org/mailman/listinfo/marketing
Hi Till
Thanks for pointing it out. But I would suggest you to send the issue identified to corpmerchandise.com. It would help a lot as that domain is responsible for the hosting. Rather than fedora or redhat.
On Saturday 14 February 2015, Till Maas opensource@till.name wrote:
Hi,
I just want to make sure that everyone is aware that the Fedora store does not have a good security rating regarding its TLS support and that the people who can fix this are aware of the problem: https://www.ssllabs.com/ssltest/analyze.html?d=redhat.corpmerchandise.com
I noticed this is a blog comment about the forgotten intermediate TLS certificate in the shop:
http://blogs.gnome.org/mcatanzaro/2015/01/30/mozilla-is-responsible-for-the-...
Regards Till -- marketing mailing list marketing@lists.fedoraproject.org javascript:; List info or to change your subscription: https://admin.fedoraproject.org/mailman/listinfo/marketing
Hi,
On Sat, Feb 14, 2015 at 10:46:43AM +0530, beta tester wrote:
Thanks for pointing it out. But I would suggest you to send the issue identified to corpmerchandise.com. It would help a lot as that domain is responsible for the hosting. Rather than fedora or redhat.
thank you for the suggestion, but it is not that helpful. Since I believe that someone from Red Hat is paying corpmerchandise.com, they probably can reach out so someone who can fix this a lot easier than someone like me who corpmerchandise.com probably does not care about. Also there is not even any contact information available at http://corpmerchandise.com/
Regards Till
Following up on this thread--they did accept the feedback and were responsive. This morning I got the following message:
The SPP disable of SSL v3, originally scheduled for this week, has been postponed to March 23rd due to significant negative impacts for some of our customers. We need to allow them time to make the necessary updates on their side to avoid any ordering implications. As we service approximately 400 different customer eStores, it's been a challenge to ensure each client has made the updates. We apologize for the delay and I'll keep you informed as we finally get this potential security issue corrected
marketing@lists.fedoraproject.org