New Fedora openid provider (fas-openid) in service
Stephen Gallagher
sgallagh at redhat.com
Wed May 1 18:14:08 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed 01 May 2013 11:15:30 AM EDT, Till Maas wrote:
> Hi,
>
> On Tue, Mar 05, 2013 at 05:19:50PM -0700, Kevin Fenzi wrote:
>
>> More information is available at:
>>
>> https://fedoraproject.org/wiki/OpenID
>
> I hope that nobody used that until now, otherwise I am disappointed
> that nobody noticed before me that Firefox does not properly
> validate https://id.fedoraproject.org/
>
> saying "your connection to the site is only partially encrypted and
> does not prevent eavesdropping". I assume the problem is this entry
> from the CSS file:
>
> @import
> url(http://fonts.googleapis.com/css?family=Cantarell:400,700);
>
> And this opens the question why a central Fedora service is using
> third party, probably non-FOSS services leading only to less
> security.
>
> Regards Till
This has been noticed and fixed. It should be going into production
soon (it's in staging now).
https://github.com/fedora-infra/fas-openid/issues/14
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlGBW3AACgkQeiVVYja6o6ObMQCePql1z8zLXGdfagt/MlJdJupN
24sAn1vjuOaXiaAe7vKmgUF0fv6BfajN
=Vl6K
-----END PGP SIGNATURE-----
More information about the devel
mailing list