The SDL forums have moved to discourse.libsdl.org.
This is just a read-only archive of the previous forums, to keep old links working.

Like the rest of the Internet, libsdl.org was vulnerable to Heartbleed,
so I've taken the time to update not just OpenSSL, but also the server
distribution. If you find anything suddenly broken, please report any
problems to me.

As for Heartbleed:
We don't have any reason to believe that either your passwords or our
SSL key was compromised, but we don't really know for sure, and since
the rest of the Internet isn't sure this week, either, this would be a
good time to change any passwords you have for the SDL web forums,
bugzilla, wiki, etc.

--ryan.


_______________________________________________
SDL mailing list

http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

On 2014-04-10 00:38, Ryan C. Gordon wrote:

Hey Ryan, did you guys also go about creating new keys regardless?

-- Alberto
_______________________________________________
SDL mailing list

http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

Obviously now would be a good time to change your SDL passwords, but
don't go on a password-changing frenzy until you know the servers in
question have been patched.

I expect this won't be the last one of these MAJOR vulnerabilities we
hear about… Ed Snowden: He saw something, he said something. Doubt
SDL is a high-value surveillance target … but then again the US army
does use video games to train soldiers nowadays so who knows. :)

Joseph


On Thu, Apr 10, 2014 at 01:38:25AM -0400, Ryan C. Gordon wrote:
_______________________________________________
SDL mailing list

http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

Sounds like we should re-exam every patches sent from NSA B-).

This is in progress, but revoking the old key is proving difficult. To
be clear: we've patched the bug, but _not_ replaced the SSL certs yet.
We will soon.

--ryan.



_______________________________________________
SDL mailing list

http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

Getting cert revoked, no new cert yet?

On Sat, Apr 12, 2014 at 12:18 AM, Ryan C. Gordon wrote:
_______________________________________________
SDL mailing list

http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

Hi all,

Am I the only one that can't access wiki.libsdl.org since yesterday?

All I get is this (from my browser):

An error occurred during a connection to wiki.libsdl.org. Peer's
Certificate has been revoked. (Error code: sec_error_revoked_certificate)

I might say a blasphemy, but wouldn't it be easier to drop the https
thing, and publish the SDL wiki on raw http? Or at least allow both,
without redirecting the user to https by force...
I don't care about the wiki being protected, I would just like to access
it (of course I understand SSL is necessary for forum, etc.. but the
wiki is not, until someone wants to log in to make changes).

cheers,
Mateusz



On 04/16/2014 03:42 AM, Andre D wrote:
_______________________________________________
SDL mailing list

http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

On Wednesday, April 16, 2014 08:17:51 AM Mateusz Viste wrote:

The wiki is already accessible through http only.
_______________________________________________
SDL mailing list

http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

On 04/15/2014 09:42 PM, Andre D wrote:

We had some issues.

The SSL certs are now revoked and replaced with new ones, you should be
able to use https://*.libsdl.org/ again, right now.

Sorry about that!

--ryan.



_______________________________________________
SDL mailing list

http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

Also, this means it's now safe to change your passwords on any
libsdl.org service.

We have no evidence to suggest your accounts were compromised, but we
also have no evidence to suggest they weren't...that's the problem with
Heartbleed. It's a good idea to change your passwords now.

Please ask me if you have problems or questions.

--ryan.



_______________________________________________
SDL mailing list

http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org