On 13.03.2014 at 17:21, Christoph Anton Mitterer <[email protected]> wrote:
> I doubt that the removal of CAcert was a good decision…

I wish you had read the whole bug report, especially the history of how the CACert root certificate came into ca-certificates.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#20
and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#30

In a nutshell, if you want CACert to be re-added you must prove CACert and its infrastructure is trustworthy. Something CACert has attempted but even their internal audits have failed.

ca-certificates didn’t have much of a policy until recently, but given that a good, secure policy can take quite some work, relying on Mozilla is a sensible policy. Plus that SPI root cert, but they run Debian infrastructure.

Please do not reason against the removal, instead you have to prove (every year in my eyes) that CACert is trustworthy. Inverting the burden of proof, as it has happened far too often in these CACert discussions, is unacceptable when talking about security. A small question to be added and a few people supporting the request just won’t pull any longer.

Please stop dragging other CAs around for comparison, every CA has to prove trustworthiness on their own.

ciao,
tom

PS: Lastly, this is not an opinion poll. If your only contrib is a +/-1, close your mail program.

