On Mon, Aug 10, 2009 at 2:21 PM, Magnus Therning<magnus@therning.org> wrote:
Aaron Griffin wrote:
On Mon, Aug 10, 2009 at 2:03 PM, Magnus Therning<magnus@therning.org> wrote:
Aaron Griffin wrote: [..]
It's not invalid, it's self-signed, so there's no certificate authority stamp-of-approval on it. We had a free year certificate at one point, but decided not to waste the money for a real certificate if it's only used by the devs.
One option would be getting one from CACert.org. Of course it won't be worth a lot without putting their root cert in openssl/firefox/konquerer/epiphany/etc...
We looked into that, but that's not much better than a self signed cert. We discussed this at length among the devs, and already made a decision. We're well aware of all the options :)
What was the line of reasoning behind "not much better than a self signed cert"?
Changing the subject here while we go on this tangent. The reasoning is simple: CACert root certificates aren't generally accepted, and while we actually support them in things like konquerer, firefox and other tools are a different story (silly mozilla). It's just not feasible at this point, so we end up with a certificate that is "untrusted" anyway. Now here's the thing.... we already discussed this, and all I'm doing now is rehashing debates about it. There's not much point in it, and I'm not going to be suddenly convinced to do a bunch of work to change a site that is used by about 30-40 people with no actual benefit besides getting rid of a one-time warning screen. The decision was made, it's over and done with, it's not a big deal.