[R-SIG-Mac] Bioconductor Security Certificate

Loren Engrav engrav at u.washington.edu
Wed Nov 28 20:09:12 CET 2007 

It is true as James MacDonald indicated that a spoof of Bio is unlikely so I
have been just ignoring the warning

And there are other work arounds, like telling computer to "always trust" or
grabbing the offered certificate and installing it in the keychain

On the other hand, ignoring security warnings is generally not a good idea
and if the fix is easy, why not fix it and avoid the work arounds

And then a security certificate that everyone ignores is not "security"

The certificate indicates email address is webmaster at math.ethz.ch so I
included same in thread

Thank you

Loren Engrav
Univ Washington
Seattle, WA USA




> From: Prof Brian Ripley <ripley at stats.ox.ac.uk>
> Date: Wed, 28 Nov 2007 14:06:52 +0000 (GMT)
> To: <elw at stderr.org>
> Cc: Loren Engrav <engrav at u.washington.edu>, RMacHelp
> <r-sig-mac at stat.math.ethz.ch>
> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
> 
> It would be better for the base URLs to match.  The R-help address is e.g.
> 
> https://stat.ethz.ch/mailman/listinfo/r-help
> 
> If BioC linked to https://stat.ethz.ch/mailman/listinfo/bioconductor
> (which works) this particular warning would not appear.  (If I could find
> a webmaster address for BioC I would report it.)
> 
> (The certificate is not on Bioconductor nor on R's computers, but an ETHZ.
> There have been suggestions to buy a commercial certificate for use on the
> R project's mailing list and svn servers hosted by ETHZ, but AFAIK they
> have all fizzled out.)
> 
> 
> On Wed, 28 Nov 2007, elw at stderr.org wrote:
> 
>> the ssl certificate on the archives at stat.math.ethz.ch is a
>> privately-generated certificate.  that doesn't mean that there's anything
>> wrong with it, just that it isn't something that is "trusted" by the
>> keychains that come preloaded with your browser.
>> 
>> --elijah
>> 
>> 
>> On Tue, 27 Nov 2007, Loren Engrav wrote:
>> 
>>> Date: Tue, 27 Nov 2007 21:00:10 -0800
>>> From: Loren Engrav <engrav at u.washington.edu>
>>> To: RMacHelp <r-sig-mac at stat.math.ethz.ch>
>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>> 
>>> Strange
>>> 
>>> Same thing happens on my kids Windows computer
>>> 
>>> I guess I do not understand as I do several secure websites per day and do
>>> not see this message
>>> 
>>> I thought a certificate on my computer checks the certificate on the
>>> sending
>>> computer, if they match, page passes, if they do not match, message comes
>>> up
>>> indicating potential trouble, so to go to a secure page I must install the
>>> proper certificate, but I have no certificate for Bio nor can I find one
>>> 
>>> So I asked <bioconductor-owner at stat.math.ethz.ch> what to do...
>>> 
>>> Thank you
>>> 
>>> Loren Engrav
>>> Univ Wash
>>> Seattle
>>> 
>>> 
>>> 
>>>> From: Sean Davis <sdavis2 at mail.nih.gov>
>>>> Date: Tue, 27 Nov 2007 19:21:52 -0500
>>>> To: Loren Engrav <engrav at u.washington.edu>
>>>> Cc: RMacHelp <r-sig-mac at stat.math.ethz.ch>
>>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>>> 
>>>> On Nov 27, 2007 6:04 PM, Loren Engrav <engrav at u.washington.edu> wrote:
>>>> Am
>>>> using MacOS 10.4.11 and Safari 3.0.4
>>>> but same happens with Firefox
>>>> 2.0.0.9
>>>> 
>>>> When I go to
>>>> 
>>>> <http://www.bioconductor.org/docs/mailList.html>
>>>> 
>>>> And click on ©øweb
>>>> interface©÷ at the line "Subscribe to or browse this list
>>>> through the web
>>>> interface."
>>>> 
>>>> I get the message
>>>> 
>>>> You have attempted to establish a
>>>> connection with "'www.stat.math.ethz.ch".
>>>> However, the security
>>>> 
>>>> certificate presented belongs to "stat.ethz.ch". It is possible, though
>>>> 
>>>> unlikely, that someone may be trying to intercept your communication with>
>>>> this web site.
>>>> 
>>>> If you suspect the certificate shown does not belong to
>>>> 
>>>> "www.stat.math.ethz.ch" please cancel the connection and notify the site
>>>> 
>>>> administrator.
>>>> 
>>>> How do I fix this?
>>> 
>>> This is normal with a connection to a
>>> secure website.  Bioconductor
>>> does not maintain the website at
>>> stat.ethz.ch.
>>> 
>>>> Thank you
>>>> 
>>>> I tried to find a Bioconductor web
>>>> administrator and failed
>>> 
>>> This is not a problem and is not a bioconductor
>>> problem.  All web
>>> browsers on all systems should behave something like
>>> this.
>>> 
>>> Sean
>>> 
>>> _______________________________________________
>>> R-SIG-Mac mailing list
>>> R-SIG-Mac at stat.math.ethz.ch
>>> https://stat.ethz.ch/mailman/listinfo/r-sig-mac
>> 
> 
> -- 
> Brian D. Ripley,                  ripley at stats.ox.ac.uk
> Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
> University of Oxford,             Tel:  +44 1865 272861 (self)
> 1 South Parks Road,                     +44 1865 272866 (PA)
> Oxford OX1 3TG, UK                Fax:  +44 1865 272595

More information about the R-SIG-Mac mailing list