Bug 349832

Summary: Security error when
Product: [Websites] www.kde.org Reporter: Toni Asensi Esteve <toni.asensi>
Component: generalAssignee: kde-www mailing-list <kde-www>
Status: RESOLVED FIXED    
Severity: normal CC: aacid, bcooksley
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
URL: https://www.commit-digest.org
Latest Commit: Version Fixed In:
Attachments: First error message
Error message, with more information

Description Toni Asensi Esteve 2015-07-02 17:18:09 UTC 
Users that go to https://www.commit-digest.org (like me when following the instructions sent by   
"KDE Commit-Digest" <no-reply@enzyme.commit-digest.org>) see a "Privacy error" page, saying that "attackers might be trying to steal your information from www.commit-digest.com (for example, passwords, messages, or credit cards)", and that the certificate has been invalid for 58 days .

I'll attach a screenshot. In Spanish the text was:

La conexión no es privada

Es posible que los piratas informáticos estén intentando robar tu información de www.commit-digest.org (por ejemplo, contraseñas, mensajes o tarjetas de crédito). NET::ERR_CERT_DATE_INVALID

Opciones avanzadas                              Volver para estar a salvo

Este servidor no ha podido probar que su dominio es www.commit-digest.org, su certificado de seguridad caducó hace 58 día(s). Este problema puede deberse a una configuración incorrecta o a que un atacante haya interceptado la conexión. La hora actual del reloj de tu ordenador es jueves, 2 de julio de 2015. ¿Es correcta? Si no lo es, debes corregir la hora del sistema y, a continuación, actualizar esta página.

Acceder a www.commit-digest.org (sitio no seguro)


Reproducible: Always
Comment 1 Toni Asensi Esteve 2015-07-02 17:19:32 UTC 
Created attachment 93460 [details]
First error message
Comment 2 Toni Asensi Esteve 2015-07-02 17:20:24 UTC 
Created attachment 93461 [details]
Error message, with more information
Comment 3 Albert Astals Cid 2015-07-02 23:22:03 UTC 
We do not maintain commit digest, please report at https://github.com/dannyakakong/Commit-Digest
Comment 4 Ben Cooksley 2015-07-13 08:45:33 UTC 
The site itself is hosted on KDE servers, so we're kind of responsible for this. Unfortunately Danny owns the domain and won't transfer it or set the whois details to a shared address, so getting certs renewed is very difficult...
Comment 5 Toni Asensi Esteve 2015-07-17 22:54:50 UTC 
While this problem is solved (the security error is still seen in www.commit-digest.org), as Ben Cooksley confirmed that this is a problem with certificates (and related factors) and not with the [source code](https://github.com/dannyakakong/Commit-Digest): this bug has been verified, are we to change its status to "verified"?
Comment 6 Toni Asensi Esteve 2015-08-03 18:20:47 UTC 
Nowadays the problem is solved, thank you all.