Re: [Savannah-help-public] missing SSL cert from savannah site

[Sylvain Beucler]

Hi,

On Sun, Oct 18, 2009 at 10:39:04PM -0400, Richard Stallman wrote:
>     > I know nothing about this; I might not know how to do it.
>     > I hope you are not saying that people like me are unimportant
>     > when we judge what Savannah should do.
> 
>     No, not at all.  It's perfectly OK not to know or bother (but we
>     provide simple instructions for those who care nevertheless).  In
>     which case it does not matter if the certificate is issued by a CA in
>     the browser's certificate store or whatever.
> 
> I think there is some misunderstanding here.
> 
> As I understand it, some operations will fail with an error
> which users like me won't understand and won't know how to get past.
> That is what people have said.
> 
> Are you saying it is not so?

Last time we discussed it, we agreed on writing additional
documentation about it and linking it on the login page, which is the
page from which people get to the https: area (https access is not
required for normal browsing). While it took a few weeks of delays,
this is now done. This also has the benefit of educating people about
what this kind of security means.


>     Perhaps it's worth mentioning that CAcert's root certificate is
>     included in most major distros, and all browsers are modified to check
>     the system's certificate store.
> 
> But not Windows, and maybe not Mac OS.
> 
> Most computer users use those systems.  In our community of developers,
> the fraction using those systems is smaller, but still large.
> 
> If our support were crucial to CAcert's eventual success, that would
> be a strong argument to give it our support by continuing to use that
> certificate.  But it seems that our support, in this form, won't
> really help CAcert at all.

I mentioned it helped in fostering its inclusion in GNU IceCat.
It may not be critical, but it helps, and was also requested
independently by Savanah users.

-- 
Sylvain