IRC log of #schooltool for Tuesday, 2004-09-07

**** BEGIN LOGGING AT Tue Sep 7 10:50:07 2004
-->You are now talking on #schooltool10:50
-->_djs_ ( has joined #schooltool11:09
-->thisfred ( has joined #schooltool11:25
<--_djs has quit (Read error: 110 (Connection timed out))11:27
-->sabdfl ( has joined #schooltool12:12
-->stockholm ( has joined #schooltool12:23
stockholmi am the debian developer willing to upload the secured schoolbell.12:24
stockholmare you considering securing it?12:24
stockholmim sure there is some ssl web module for python?12:24
mgedminyou can put schoolbell behind apache with mod_ssl12:25
stockholmyes, i know.12:26
stockholmi argued that if you ship it "not secured" by default, it will be used that way.12:27
stockholmon debian-edu@l.d.o12:27
stockholmi cc`ed th1a.12:27
stockholmwebmin (which i would not want to use as an example for good programming practice otherwise) has a switch "ssl=1"12:29
stockholmin its config file12:29
stockholmand in debian the switch is set per default.12:30
stockholm(in gentoo it is not, i read)12:30
stockholmbut i would like something like that.12:30
stockholmjust checked with the other debian-edu developers:12:35
stockholmthey, too, think it is mandatory12:36
mgedminI've seen arguments that using SSL with self-signed certificates often gives you a false sense of security12:37
mgedminthe setup is very vulnerable to man-in-the-middle attacks12:38
mgedminalthough it does prevent simple password sniffing12:38
stockholmi dont advokate self signed certificates.12:55
stockholmi would recommend a local CA.12:55
stockholmsuppling that certificate would be our problem, makeing it handle/use the cert yours. (c:12:56
<--stockholm has quit (Read error: 113 (No route to host))13:40
<--tvon has quit (Remote closed the connection)14:23
---Disconnected ().15:56
**** ENDING LOGGING AT Tue Sep 7 15:56:09 2004

Generated by 2.15.1 by Marius Gedminas - find it at!