On Wed, Mar 06, 2013 at 07:21:49PM -0800, Adam Williamson wrote: > On 06/03/13 06:41 AM, Stephen Gallagher wrote: > >I encountered an issue recently with pypi.org, where it was treating > >http://sgallagh.id.fedoraproject.org and > >https://sgallagh.id.fedoraproject.org as separate accounts (up to a > >point where they were causing tracebacks because they shared the same > >email address). > > > >So lesson learned: always drop the protocol prefix. > > The Verge does the same...the lesson I chose to learn was just to > always use https, though. Note -- I made the same decision but I found out from puiterwijk that that should be raising an error in the relying party (the website asking that you auth with fedora's openid). The reason? We don't have SSL certificates for all possible [username].id.fedoraproject.org domains. In practice I never encountered a site that worked with our http:// identities but not our https:// identities. Makes you wonder about quality of implementations a bit.... -Toshio
Attachment:
pgpFoSVePAJR3.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
