Closed Bug 1443303 Opened 6 years ago Closed 6 years ago

www.m.o serves sha1 from apparently a staging instance

Categories

(www.mozilla.org :: Bedrock, defect)

Product:
www.mozilla.org
Component:
Bedrock
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: mtabara, Unassigned)

References

Details

I was accidentally glancing at view-source:https://www.mozilla.org/en-US/firefox/new/?scene=2 and saw the following: 

 <li><a href="https://download-sha1.allizom.org/?product=firefox-stub&amp;os=win&amp;lang=en-US"
               class="download-link button button-green"
               data-link-type="download"
               data-download-version="winsha1"


Which sounds a lot like we're serving content from a staging instance. Given that it's sha1 stuff on win32, this might actually be expected behavior but just thought I'd escalate this. 

Also, the download-sha1.mozilla.org doesn't resolve either so I'm thinking there's a bug somewhere.
See Also: → 1443104
This is indeed expected behavior. This is for old windows operating systems and browsers that don't support newer TLS certs. When we did this the best cert we had to use was for *.allizom.org and we could no longer get a new one for mozilla.org. I'm looking for the bug where all of this happened, but I'm quite sure that this is all as expected. We expect to be able remove it all in the coming months as all of these certs expire and pre-SP2 Win XP support is dropped.
see https://bugzilla.mozilla.org/show_bug.cgi?id=1304538#c13

Thanks for the report regardless. Always good to have people looking out for things on the site.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
Thanks for the explanation, makes perfect sense now!
You need to log in before you can comment on or make changes to this bug.