bugzilla.mozilla.org protected with SSL encryption
This evening I installed an SSL certificate for bugzilla.mozilla.org and started redirecting all Bugzilla URLs to their encrypted equivalents. You now need an SSL-enabled browser to access bugzilla.mozilla.org, and communication between the server and its users is encrypted while in transmission. All Bugzilla functions should continue to work as normal, although pages you loaded before the switchover may need to be reloaded before you submit forms on them. Contact sysadmins at mozilla dot org if you see any critical problems related to the change; file a bug in the Server Operations component of the mozilla.org product for non-critical issues.
This is great news! It's nice to see Bugzilla's resources protection increased.Comment by Fabián Rodríguez at September 21, 2004 08:40 PM | Permalink
I have one question for you... why? Why has everything been moved over to a secure connection?
I could see if for security related bugs but other then that I can't think of any reason why you'd want to do this.
- Can't submit from Thunderbird to this list :(Comment by Neil at September 21, 2004 09:00 PM | Permalink
Will this reduce the ammount of spam bugzilla account email addresses get in anyway?
The least they can do is hide email addresses for anyone that's not loged in..Comment by berkut at September 21, 2004 09:57 PM | Permalink
Two reasons, Neil:
It's the bugs which deal with relations with other companies. Say, for instance, the Mozilla Foundation has a bug on working with Google (hypothetically, of course). The bug can be marked as private to only a certain group of Bugzilla accounts easily. However, if someone's eavesdropping on even one connection with the bug page using a properly permissioned account, the privateness of the bug is compromised.
Without a secure connection, it's also possible to do the same thing for login attempts. Find someone with the proper permissions and you can see anything.
Personally, I'd guess securing Bugzilla connections is something that's been strongly encourage by outside companies more than by insiders with the Foundation itself (tho doubtless they played at least some part in making this happen).Comment by Jeff Walden at September 21, 2004 10:38 PM | Permalink