Re: [Savannah-help-public] missing SSL cert from savannah site

[Sylvain Beucler]

On Fri, Oct 16, 2009 at 04:47:55AM -0400, Richard Stallman wrote:
> I did not notice that message from Karl before, but now that I see it,
> I think we should get another certification for Savannah if it is feasible.
> 
> Matt, is it feasible?
> 
> It seems that what CACERT needs is not support from people like us,
> but rather to clean up its own act first.  If CACERT someday gets
> accepted by Mozilla, then we could reconsider the question of how to
> support it,

I rather think that the Mozilla decision is blindly based on a more
widespread $75000 audit from Webtrust, which CAcert cannot afford. The
independant audit requested them to make changes that were not
required from other certification providers.

Basing our decision on Mozilla's is as blind as them.

Using CAcert is important, it contributed to having it included in
IceCat for example.  Besides, if nobody uses CAcert we can be sure
that their effort won't go anywhere.

And just because Mozilla is showing a warning to users doesn't mean we
have to abide: they is also a warning that we should install Adobe
Flash after a first install, and hopefully we won't be similarly
influenced.

-- 
Sylvain