Hi,
Timo Röhling wrote:
> * Axel Beckert <[email protected]> [2021-08-11 13:27]:
> > I strongly disagree. CAcert offers way more types of certificates than
> > Let's Encrypt. For example does Let's Encrypt not provide any
> > certificates suitable for use as personal S/MIME e-mail certificates.
>
> Have you tried creating a personal S/MIME e-mail certificate lately?
Nope.
> Because I tried, and neither IE nor Edge nor Firefox nor Chrome nor Opera
> support the required HTML <keygen> tag any more.
That's the same for sso.debian.org. So should we close down that one,
too?
>From my point of view that's a failure of the browser makers and not
of CAcert or sso.debian.org. So users now need to call manually
openssl themselves.
> > But instead it offers longer living certificates for hosts not
> > directly reachable from the internet — which is a hell to achieve with
> > Let's Encrypt.
>
> Private hosts are usually managed with a private CA, which gives you
> much more control and versatility.
Not everyone is capable of running their own CA. Have you every tried
"easyrsa"? It's anything but easy. (And I personally rather run an
internal CA based on CAcert's scripts — which I actually do — than on
easyrsa. Tried easyrsa mostly for OpenVPN and nearly ditched OpenVPN
just because they recommend this crap.)
> Many companies do this,
Yeah, and often with worse outcome than with CAcert...
> and CAcert offers no advantage, since you'd still have to distribute
> their root certificates to all your clients.
If it's available as a Debian package, that's a clear advantage from
my point of view. :-)
> > Again, I strongly disagree. I rather hope that Dmitry gets it back
> > into shape and then also offers it via bullseye-backports.
>
> Well, if you, Dmitry, or anyone else feels that their time is well
> spent on this package, by all means, go ahead. I just happen to
> think that your contributions would be more valuable elsewhere.
I already have too many packages, so yes, I agree here. This though
does not change my opinion on this package (or on a lot of other
packages in Debian which I don't maintain, but consider important for
myself as well as the community in general).
Regards, Axel
--
,''`. | Axel Beckert <[email protected]>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE