On Fri, May 29, 2015 at 8:21 PM, Riley Baird wrote:

> If having to manually add a CA annoys the Ubuntu developers that
> much, then surely they could just include the Debian CA certificate to
> Ubuntu's default?

Steve answered the Ubuntu part, but there are also the "etc" people; there are myriad operating systems, people who discover our website for the first time probably are using a browser that only trusts mafia certs.

> Anyway, I don't see the point in using both mafia CAs and non-mafia
> CAs. If you get the mafia CAs, you'll still be paying the extortion
> money regardless of whether or not you use the non-mafia CAs.

The point would be that people who don't trust the mafia CAs can pin *.debian.org domains to a Debian CA (verified via OpenPGP web-of-trust, say) by specifying a specific subdomain of each service, debca.www.debian.org or pin.www.debian.org or non-mafia.debian.org for example.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise