-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed 01 May 2013 11:15:30 AM EDT, Till Maas wrote: > Hi, > > On Tue, Mar 05, 2013 at 05:19:50PM -0700, Kevin Fenzi wrote: > >> More information is available at: >> >> https://fedoraproject.org/wiki/OpenID > > I hope that nobody used that until now, otherwise I am disappointed > that nobody noticed before me that Firefox does not properly > validate https://id.fedoraproject.org/ > > saying "your connection to the site is only partially encrypted and > does not prevent eavesdropping". I assume the problem is this entry > from the CSS file: > > @import > url(http://fonts.googleapis.com/css?family=Cantarell:400,700); > > And this opens the question why a central Fedora service is using > third party, probably non-FOSS services leading only to less > security. > > Regards Till This has been noticed and fixed. It should be going into production soon (it's in staging now). https://github.com/fedora-infra/fas-openid/issues/14 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGBW3AACgkQeiVVYja6o6ObMQCePql1z8zLXGdfagt/MlJdJupN 24sAn1vjuOaXiaAe7vKmgUF0fv6BfajN =Vl6K -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
