Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#8186] - Switch update server to HTTPS

?
avatar mbabker
mbabker
28 Oct 2015

Our update server now supports SSL connections. The CMS should be updated to query update.joomla.org via HTTPS.

avatar mbabker mbabker - open - 28 Oct 2015
avatar zero-24 zero-24 - change - 28 Oct 2015
Labels Added: ?
avatar Bakual Bakual - change - 28 Oct 2015
Milestone Added:
avatar zero-24 zero-24 - close - 29 Oct 2015
avatar zero-24
zero-24 - comment - 29 Oct 2015

see: #8196

avatar zero-24 zero-24 - change - 29 Oct 2015
Status New Closed
Closed_Date 0000-00-00 00:00:00 2015-10-29 11:14:45
Closed_By zero-24
avatar zero-24 zero-24 - close - 29 Oct 2015
avatar zero-24 zero-24 - change - 29 Oct 2015
Milestone Removed:
avatar mbabker mbabker - change - 7 Jan 2016
Status Closed New
Closed_Date 2015-10-29 11:14:44
Closed_By zero-24
avatar mbabker mbabker - reopen - 7 Jan 2016
avatar mbabker mbabker - reopen - 7 Jan 2016
avatar mbabker mbabker - change - 27 Jan 2016
Status New Closed
Closed_Date 0000-00-00 00:00:00 2016-01-27 16:04:39
Closed_By mbabker
avatar mbabker mbabker - close - 27 Jan 2016
avatar mbabker
mbabker - comment - 27 Jan 2016

Closing due to the commentary in the now closed pull request and the reluctance as a whole to enforce HTTPS connections on joomla.org properties.

avatar mbabker mbabker - close - 27 Jan 2016
avatar wilsonge
wilsonge - comment - 14 May 2016

I think we now have everything ready to use https as of 3.6

avatar andrepereiradasilva
andrepereiradasilva - comment - 14 May 2016

IMO one thing missing. the joomlacode.org language packs:

Example for pt-PT:

Also all language packs should use https in their manifest update server (not just en-GB) right?.

avatar mbabker
mbabker - comment - 14 May 2016

The project doesn't have a SSL certificate for joomlacode.org, opensourcematters.org, or the joom.la vanity URL.

avatar andrepereiradasilva
andrepereiradasilva - comment - 14 May 2016

yes, you already told me that i forgot.

but still

Also all language packs should use https in their manifest update server (not just en-GB) right?.

i also talked to jean marie about this.

avatar mbabker
mbabker - comment - 14 May 2016

In a perfect world yes they would specify HTTPS in their manifests. This also assumes they specify one (I don't know how they're structured so I don't know if they actually specify it or rely on the core's way of fetching the language packages to decide this).

avatar wilsonge
wilsonge - comment - 14 May 2016

joomlacode is dead soon. Me and Roland are getting together for 3 days at the end of June to finish the download site off i think (we organised it in Manchester)

avatar andrepereiradasilva
andrepereiradasilva - comment - 14 May 2016

In a perfect world yes

just a perfect world :wink:

they would specify HTTPS in their manifests. This also assumes they specify one (I don't know how they're structured so I don't know if they actually specify it or rely on the core's way of fetching the language packages to decide this).

They all specify the same update server URL //update.joomla.org/language/translationlist_3.xml in their manifests, but pkg_en-GB specifies with HTTPS and all the others (currently) with HTTP.

avatar Bakual
Bakual - comment - 14 May 2016

Those are done by the translators. All we could do is to remind them to change it to https. But honestly, JC is dead as George mentioned and we're better off to just change it when the new server is alive :smile:

avatar andrepereiradasilva
andrepereiradasilva - comment - 14 May 2016

Those are done by the translators. All we could do is to remind them to change it to https. But honestly, JC is dead as George mentioned and we're better off to just change it when the new server is alive :smile:

sure just alerting to that, in case you guys didn't notice that.

Add a Comment

Login with GitHub to post a comment