1238938 - hg.mozilla.org still uses SHA-1 certificate

Status: RESOLVED DUPLICATE of bug 1147548

(Infrastructure & Operations :: SSL Certificates, task)

Description

[Gervase Markham [:gerv]]

https://hg.mozilla.org/ uses a SHA-1 cert. I know www.mozilla.org is a special case but surely all other Mozilla sites should have upgraded to SHA-256 by now?

Gerv

Comment 1

[:Atoll]

Surely. Except, when we upgrade that certificate to SHA-2, every hg client in the entire world will present an alarming "fingerprint changed" warning to users.

Bug 1147548 has more about this issue, but please consider reaching out to Developer Services directly to find out more about their planned deployment timelines here.

Comment 2

[Gervase Markham [:gerv]]

(In reply to Richard Soderberg [:atoll] from comment #1)
> Surely. Except, when we upgrade that certificate to SHA-2, every hg client
> in the entire world will present an alarming "fingerprint changed" warning
> to users.

Well, that's unfortunate. Almost as unfortunate as the fact that we worked this out 10 months ago and seem to have not done anything about it... 
 
> Bug 1147548 has more about this issue, but please consider reaching out to
> Developer Services directly to find out more about their planned deployment
> timelines here.

Why are those timelines not in the bug? Is there some secret about us doing this?

Gerv

Comment 3

[Peter Radcliffe [:pir]]

I assume that would be a question for Dev Services...

Comment 4

[:Atoll]

(In reply to Gervase Markham [:gerv] from comment #2)
> Is there some secret about us doing this?

I removed the infra flag I (incorrectly) set on that bug. You'll need to direct your remaining questions to developer services. Please direct any further questions/comments regarding this issue to bug 1147548 so we're not discussing this issue in two places unnecessarily.