Zope.org fading away ..
Hi all I've been unsubscribed from the Zope mailing lists due to "excessive bounces". So for some reason despite my clicking "ignore, I trust this message" 100s of times, gmail doesn't like the mails zope.org sends. When I try to visit the mailing list web interface, Firefox is stopped in its tracks by "Secure Connection Failed An error occurred during a connection to mail.zope.org. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert)" When I try to use the "Kontakt" (sic) form at http://zope.org/, it pops up an empty div: "<div class="pb-ajax"><div></div></div>". -- jean . .. .... //\\\oo///\\
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/11/2014 01:39 AM, Jean Jordaan wrote:
I've been unsubscribed from the Zope mailing lists due to "excessive bounces". So for some reason despite my clicking "ignore, I trust this message" 100s of times, gmail doesn't like the mails zope.org sends.
Some mail appears to be coming from a host (hetzner04.zopefoundation.org) which is not one of our MX hosts: $ dig -t MX zope.org ... ;; ANSWER SECTION: zope.org. 600 IN MX 0 mail.zope.org. zope.org. 600 IN MX 5 mail2.zope.org. Our SPF record says that mail should only be coming from them, so Google is bouncing those messages. We need either to fix it so that mail comes from the 'mail.zope.org' IP, or else add the other host to our MX list.
When I try to visit the mailing list web interface, Firefox is stopped in its tracks by "Secure Connection Failed An error occurred during a connection to mail.zope.org. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert)"
There are two problems with HTTPS on mail.zope.org: our own certificate is expired, and the issuer (StartCom) has an intermediate certificate which expired even longer ago: http://www.sslshopper.com/ssl-checker.html#hostname=mail.zope.org/
When I try to use the "Kontakt" (sic) form at http://zope.org/, it pops up an empty div: "<div class="pb-ajax"><div></div></div>".
Ugh, I don't recall now where the software lives for that. CC'ing the infrastructure list to verify. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlMffFEACgkQ+gerLs4ltQ62CQCeMV2/kkHD8zPUGdBfQUgoAgMN oj0AoITHdNoJdtTDtvBIv6exqmDIgLbm =F6dx -----END PGP SIGNATURE-----
On Tue, Mar 11, 2014 at 3:12 PM, Tres Seaver <tseaver@palladion.com> wrote:
When I try to visit the mailing list web interface, Firefox is stopped in its tracks by "Secure Connection Failed An error occurred during a connection to mail.zope.org. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert)"
There are two problems with HTTPS on mail.zope.org: our own certificate is expired, and the issuer (StartCom) has an intermediate certificate which expired even longer ago:
http://www.sslshopper.com/ssl-checker.html#hostname=mail.zope.org/
I hope there is some luck folks having with resolving this. One can always take the approach Jim took with ZODB-dev, moving it to Google Groups, but there is real value in the archives regardless of where the current lists live. And the archives are de-facto inaccessible now -- if nothing else, the archives could be hosted on any static HTTP site and would not need any SSL/TLS/certificate burden. Sean
On Tue, 2014-03-11 at 17:07 -0600, Sean Upton wrote:
On Tue, Mar 11, 2014 at 3:12 PM, Tres Seaver <tseaver@palladion.com> wrote:
When I try to visit the mailing list web interface, Firefox is stopped in its tracks by "Secure Connection Failed An error occurred during a connection to mail.zope.org. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert)"
There are two problems with HTTPS on mail.zope.org: our own certificate is expired, and the issuer (StartCom) has an intermediate certificate which expired even longer ago:
http://www.sslshopper.com/ssl-checker.html#hostname=mail.zope.org/
I hope there is some luck folks having with resolving this. One can always take the approach Jim took with ZODB-dev, moving it to Google Groups, but there is real value in the archives regardless of where the current lists live. And the archives are de-facto inaccessible now -- if nothing else, the archives could be hosted on any static HTTP site and would not need any SSL/TLS/certificate burden.
+1
Sean _______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
-- programmatic web development di(fh) johannes raggam / thet python plone zope development plone framework team member mail: office@programmatic.pro web: http://programmatic.pro http://bluedynamics.com
It might be better if the whole zope project is handed over to somebody willing to move it forward. It’s pretty obvious the various parts that make up the community like mailing lists, website, forums etc have been dead or dying for a long time. Will Zope ever get back to 2005-2006 levels…? See : http://www.google.com/trends/explore#q=zope Rich On 11 Mar 2014, at 23:07, Sean Upton <sdupton@gmail.com> wrote:
On Tue, Mar 11, 2014 at 3:12 PM, Tres Seaver <tseaver@palladion.com> wrote:
When I try to visit the mailing list web interface, Firefox is stopped in its tracks by "Secure Connection Failed An error occurred during a connection to mail.zope.org. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert)"
There are two problems with HTTPS on mail.zope.org: our own certificate is expired, and the issuer (StartCom) has an intermediate certificate which expired even longer ago:
http://www.sslshopper.com/ssl-checker.html#hostname=mail.zope.org/
I hope there is some luck folks having with resolving this. One can always take the approach Jim took with ZODB-dev, moving it to Google Groups, but there is real value in the archives regardless of where the current lists live. And the archives are de-facto inaccessible now -- if nothing else, the archives could be hosted on any static HTTP site and would not need any SSL/TLS/certificate burden.
Sean _______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
On Tue, 2014-03-11 at 17:12 -0400, Tres Seaver wrote:
On 03/11/2014 01:39 AM, Jean Jordaan wrote:
When I try to use the "Kontakt" (sic) form at http://zope.org/, it pops up an empty div: "<div class="pb-ajax"><div></div></div>".
Ugh, I don't recall now where the software lives for that. CC'ing the infrastructure list to verify.
i've done the zope.org implementation together with michael haubenwallner in 2010. it's a Plone 4 website. since then, not much happened. i'd be happy to get some help with maintaining this. this is the theme/integration package: https://github.com/d2m/plonetheme.zopeorg and here is the buildout: http://svn.zope.org/zopeorg.buildout/branches/www.zope.org/ -- programmatic web development di(fh) johannes raggam / thet python plone zope development plone framework team member mail: office@programmatic.pro web: http://programmatic.pro http://bluedynamics.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/11/2014 05:12 PM, Tres Seaver wrote:
Our SPF record says that mail should only be coming from them, so Google is bouncing those messages. We need either to fix it so that mail comes from the 'mail.zope.org' IP, or else add the other host to our MX list.
I just double-checked, and the SPF record looks right: - ------------------------ %< ---------------------- $ dig -t TXT zope.org ; <<>> DiG 9.8.1-P1 <<>> -t TXT zope.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34927 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;zope.org. IN TXT ;; ANSWER SECTION: zope.org. 600 IN TXT "v=spf1 mx a:cvs.zope.org a:grok.zope.org a:hetzner04.zopefoundation.org -all" - ------------------------ %< ---------------------- The 'hetzner04.zopefoundation.org' IP is the one that list mail appears to come from: it should pass the SPF check. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlMgeyoACgkQ+gerLs4ltQ4aaACfX3KaslKix4YzVqMraqc63hTx TuMAn280TrBCo7JU3UYOmrT+/JVpBlbE =8m8Q -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/12/2014 11:20 AM, Tres Seaver wrote:
On 03/11/2014 05:12 PM, Tres Seaver wrote:
Our SPF record says that mail should only be coming from them, so Google is bouncing those messages. We need either to fix it so that mail comes from the 'mail.zope.org' IP, or else add the other host to our MX list.
I just double-checked, and the SPF record looks right:
Encolpe Degoute replied to my off-list with information that Google and others may be requiring DKIM for some kinds of sneders. - - http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail - - http://www.dkim.org/ - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlMh0WgACgkQ+gerLs4ltQ4D0ACfWYtaK8avMW+oTl8/Gy5JuZ4T qj8Ani4Qj+Pq1cRCdXkpQpRsX3NWFUQI =Yi8G -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/11/2014 05:12 PM, Tres Seaver wrote:
There are two problems with HTTPS on mail.zope.org: our own certificate is expired, and the issuer (StartCom) has an intermediate certificate which expired even longer ago:
http://www.sslshopper.com/ssl-checker.html#hostname=mail.zope.org/
I have added a new certificate and updated the intermediates. Chromium is now happy with https://mail.zope.org/, as is SSL Shopper: http://www.sslshopper.com/ssl-checker.html#hostname=mail.zope.org but Firefox will likely be unhappy over the next 6 - 12 hours due to OCSP propagation delay: https://forum.startcom.org/viewtopic.php?f=15&t=2654 Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlMiHF0ACgkQ+gerLs4ltQ5giwCffH3MtWl2prY3zS3t+mKZqTac PHgAoKoiT8hqPKqiCaf45MH5qYGRj7ki =ZOzo -----END PGP SIGNATURE-----
participants (5)
-
Jean Jordaan -
Johannes Raggam -
Rich Harley -
Sean Upton -
Tres Seaver