[Systems] Fwd: Gandi donates large amount of account credit to Conservancy for VPS's, domain registration, and SSL certificates
Chris Leonard
cjl at laptop.org
Wed Aug 1 09:12:25 EDT 2012
On Wed, Aug 1, 2012 at 8:09 AM, Bradley M. Kuhn <bkuhn at sfconservancy.org> wrote:
>>> > The CSR for *.sugarlabs.org is attached, and at this time we don't
>>> > need any others.
>
>> On Fri, 2012-06-29 at 11:50 -0400, Bradley M. Kuhn wrote:
>>> I'll set this up as soon as I can.
>
> Bernie Innocenti wrote at 13:18 (EDT) on Sunday:
>> I just noticed that 4 of our StartSSL certificates expired yesterday.
>> Could you please get us the new certificate from Gandi as soon as
>> possible?
>
> I attempted to do this just now. Unfortunately, Gandi appears not to
> allow creation of an SSL certificate for a domain name that isn't under
> the control of the account attempting to create it.
>
> However perhaps it would make sense to move sugarlabs.org to
> Conservancy's account at Gandi? This would save the annual fees
> associated with the domain name, and would allow for the creation of the
> SSL certificates, which would also be paid for as part of the Gandi
> donation.
>
> Do the SLOBs want to do this? If so, Bernie, send me the auth code for
> transfer from Name.com, and I'll initiate the transfer.
>
>> If possible, get a certificate valid for 3 or 5 years.
>
> It looks like 3 years is the max for Gandi.
Speaking for myself, I think the SLOBs would/should entrust domain
name registrations, certificates and DNS issues to our extremely
competent (albeit overworked) Infrastructure team, and to Bernie's
leadership on those issues.
These are operational details and not strictly policy matters (which
would obviously require SLOB pre-approval). Our Infrastructure Team
has a well-earned reputation for consultation with relevant
stakeholders and a talent for "doing the right thing". In essence,
anything done in that regard can also be undone, so I would not impose
a strict SLOB-pre-approval requirement on such matters (particularly
where it is not coupled to significant financial outlay), favoring
instead a timely consultation and notification standard for the
Infrastructure Team's actions, as is their usual practice, which has
served the Sugar Community very well to date.
Whatever Bernie suggests is almost certainly going to get a +1 from
me, although as he knows all too well, as a former IT shop manager, I
reserve the right to kibbitz and quiz him on his choices, not that it
is likely to result in any desire to change his proposed course of
action. :-)
If Bernie wants to move our DNS registration in order to take
advantage of certificate generation, he has my complete support. (not
that I won't ask nit-picking questions about IPv6 anyway).
cjl
More information about the Systems
mailing list