Hi,
yesterday my mailclient warend me: the TLS-key had changed to new one. Like usual in this cases i visited your website but there was no status-update at "System Updates" on the mainpage. I searched trough the helpsite and found the fingerprint shown to me. (this looked not veriy reliable with this manny "!!!" in it)
Then i chcked on twitter to get a second verification but there was: nothing. not a notice about the keychanges, not the fingerprint itself.
I think ist a standard to point changes this big out - and more safe to communicate it on different channels. dont we want everywone to verify the new key aufter changes? why hide it?
Hi,
We change those certificates yearly, and would love to be able to migrate to let's encrypt in there. You can see the updated fingerprints from there always at:
https://riseup.net/en/security/network-security/certificates
The people who wants this information are usually tech people, so the changes are usually announced in git (because there is a git commit with the change) and irc
https://github.com/riseupnet/riseup_help/commit/914f3ac22218e28d056b85b07c3e0169be693107
#riseup irc.indymedia.org
We change those certificates yearly, and would love to be able to migrate to let's encrypt in there. You can see the updated fingerprints from there always at:
https://riseup.net/en/security/network-security/certificates
The people who wants this information are usually tech people, so the changes are usually announced in git (because there is a git commit with the change) and irc
https://github.com/riseupnet/riseup_help/commit/914f3ac22218e28d056b85b07c3e0169be693107
#riseup irc.indymedia.org