[aur-general] Random discussion about certificates
Aaron Griffin
aaronmgriffin at gmail.com
Mon Aug 10 15:38:57 EDT 2009
On Mon, Aug 10, 2009 at 2:21 PM, Magnus Therning<magnus at therning.org> wrote:
> Aaron Griffin wrote:
>>
>> On Mon, Aug 10, 2009 at 2:03 PM, Magnus Therning<magnus at therning.org>
>> wrote:
>>>
>>> Aaron Griffin wrote:
>>> [..]
>>>
>>>> It's not invalid, it's self-signed, so there's no certificate authority
>>>> stamp-of-approval on it. We had a free year certificate at one point,
>>>> but
>>>> decided not to waste the money for a real certificate if it's only used
>>>> by
>>>> the devs.
>>>
>>> One option would be getting one from CACert.org. Of course it won't be
>>> worth
>>> a lot without putting their root cert in
>>> openssl/firefox/konquerer/epiphany/etc...
>>
>> We looked into that, but that's not much better than a self signed cert.
>> We
>> discussed this at length among the devs, and already made a decision.
>> We're
>> well aware of all the options :)
>
> What was the line of reasoning behind "not much better than a self signed
> cert"?
Changing the subject here while we go on this tangent.
The reasoning is simple: CACert root certificates aren't generally
accepted, and while we actually support them in things like konquerer,
firefox and other tools are a different story (silly mozilla). It's
just not feasible at this point, so we end up with a certificate that
is "untrusted" anyway.
Now here's the thing.... we already discussed this, and all I'm doing
now is rehashing debates about it. There's not much point in it, and
I'm not going to be suddenly convinced to do a bunch of work to change
a site that is used by about 30-40 people with no actual benefit
besides getting rid of a one-time warning screen.
The decision was made, it's over and done with, it's not a big deal.
More information about the aur-general
mailing list