Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:99979 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 1862 invoked from network); 20 Jul 2017 19:25:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Jul 2017 19:25:18 -0000 Authentication-Results: pb1.pair.com smtp.mail=larry@garfieldtech.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=larry@garfieldtech.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain garfieldtech.com from 66.111.4.25 cause and error) X-PHP-List-Original-Sender: larry@garfieldtech.com X-Host-Fingerprint: 66.111.4.25 out1-smtp.messagingengine.com Received: from [66.111.4.25] ([66.111.4.25:48161] helo=out1-smtp.messagingengine.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 62/5C-02884-79301795 for ; Thu, 20 Jul 2017 15:25:13 -0400 Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 433CF208B1 for ; Thu, 20 Jul 2017 15:25:09 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute7.internal (MEProxy); Thu, 20 Jul 2017 15:25:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= fm1; bh=Ih0oQnvLI44jW2OoAdwMWfrNP4z0k/kGVqyuQPz2sFU=; b=Z0CpE8ur gWiD8kKjTHQ4Lo0/+/SQtawt+XtcHx554KjUTjPubBOauxms0T/8WZbquMCExnmU RPv5sDl4Lkzupn3hKYZN9atynibDJXw3dB/+4S+b3MG7g/MoZ+93ST2RT6EqUtB+ rZfYIiYaauLdOhLCv1EBzLSYVCERd4OB9tGwa696VoxNiPF2S2IOPoWKWBtofupH nTAQow/q6ByHX1iHeICSO46G0FSFYZPLgJaKaIbZae4dtMHIaKg7XKWSJKbOPWXW tA5c5V9cqRTJkbMPRFOj9Snp234elW9FsQ2NPUxkvHL8xLjiw+6Vdz6nrMztvfdQ yeBF0K75yWHxIA== X-ME-Sender: X-Sasl-enc: tKI0cVufDhDhY5zcxGKM+tipRNDB9xxrykDUJJIwqz/S 1500578709 Received: from [192.168.42.5] (216-80-117-88.c3-0.frg-ubr1.chi-frg.il.cable.rcn.com [216.80.117.88]) by mail.messagingengine.com (Postfix) with ESMTPA id 105E92450F for ; Thu, 20 Jul 2017 15:25:09 -0400 (EDT) To: internals@lists.php.net References: Message-ID: Date: Thu, 20 Jul 2017 14:25:08 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Subject: Re: [PHP-DEV] php.net website From: larry@garfieldtech.com (Larry Garfield) On 07/20/2017 12:38 PM, Rasmus Lerdorf wrote: > On Thu, Jul 20, 2017 at 1:42 AM, Niklas Keller wrote: >> They can also just request them themselves, but only for their mirror >> domain. If you allow them to issue for www.php.net, you can as well just >> put the current private key there. >> > I think there is a big difference between putting the private key there and > proxying validation for just a www.php.net CN alias. We already have a list > of known mirrors, so we would make sure to only validate www.php.net for > those. By validating www.php.net we allow any mirror to pretend they are > www.php.net and no other *.php.net domain, which is exactly what we want. > > -Rasmus I figure this is a long-shot, but Platform.sh hosts a number of community sites for free. (We recently became the home of https://externals.io/, for example.) We have multiple data centers and SSL-all-the-things using Lets Encrypt. We'd be happy to help on the hosting side of the equation for any *.php.net sites if there's interest, either full or partial. We also offer PHP 7.1 and will have the just-released 7.2 beta up shortly. :-) (We have no opinion on the code side; we're just happy to help on the infrastructure side.) --Larry Garfield