Aaron Griffin wrote:
On Mon, Aug 10, 2009 at 2:03 PM, Magnus Therning<magnus@therning.org> wrote:
Aaron Griffin wrote: [..]
It's not invalid, it's self-signed, so there's no certificate authority stamp-of-approval on it. We had a free year certificate at one point, but decided not to waste the money for a real certificate if it's only used by the devs. One option would be getting one from CACert.org. Of course it won't be worth a lot without putting their root cert in openssl/firefox/konquerer/epiphany/etc...
We looked into that, but that's not much better than a self signed cert. We discussed this at length among the devs, and already made a decision. We're well aware of all the options :)
What was the line of reasoning behind "not much better than a self signed cert"? /M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe