savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-help-public] [sr #106651] Savannah should not use CAcert.org-s

From: Karl Berry
Subject: [Savannah-help-public] [sr #106651] Savannah should not use CAcert.org-signed SSL certificates
Date: Mon, 23 Feb 2009 00:08:45 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071128 SeaMonkey/1.1.7 
Follow-up Comment #1, sr #106651 (project administration):

Personally, FWIW, I agree with Reed.  I'm not overly impressed by "auditing",
having been on the other end of ssl auditing in various contexts at various
times and it always seemed like a meaningless exercise in paperwork -- but
losing private keys is inexcusable.

It's not a money issue.  John already bought the cert.

Of course I agree that it would be better, in principle, to use certificates
from an organization with freedom-respecting policies.  But when the only
(right?) such org is so slipshod, it seems like the lesser evil to me to use
keys from the same org as gnu.org and fsf.org.  Obviously rms does not insist
on cacert.org, although perhaps he's never been consulted; and perhaps we
should ask him.

Sylvain?




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?106651>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]