[arch-general] [arch-dev-public] CAcert dropped from certificate bundle
Nowaker
enwukaer at gmail.com
Wed Apr 2 12:39:15 EDT 2014
> It's becoming clearer that CAcert isn't going to be passing a third
> party audit any time soon. Our only view into it is the open-source code
> they've made available, and messy wiki documentation. The quality of the
> code is not exactly comforting - whoever wrote most of it didn't seem to
> be aware of prepared statements...
Unfortunately, it's true. But note that you will *never* know if these
"profesionally" "audited" SSL issuers are aware of prepared statements
or not. I don't want to name the company that I used to use which has an
always-failing admin panel where you never know what the button is going
to do every time you click it. No docs can help it.
I would tend to trust CAcert more than anyone else if only their code
was clean. Because it's not I consider them as risky as "professional"
SSL issuers where you never know what's behind the scenes. Internets
really need commerce-, government- and regulation-free SSL issuers like
CAcert. Hope they HTFU and get their code written well some day.
--
Kind regards,
Damian Nowak
StratusHost
www.AtlasHost.eu
More information about the arch-general
mailing list