[Desktop-packages] [Bug 1287130] [NEW] SPI CA certificate (i.e. effectively Debian) is not trusted out of the box

[era]

Public bug reported:

When I visit https://alioth.debian.org/ in Firefox, I get the familiar
warning dialog:

    This Connection is Untrusted

    You have asked Firefox to connect securely to alioth.debian.org, but we 
can't 
    confirm that your connection is secure.

    Normally, when you try to connect securely, sites will present trusted 
    identification to prove that you are going to the right place. However, 
    this site's identity can't be verified.

    What Should I Do?

    If you usually connect to this site without problems, this error could mean 
    that someone is trying to impersonate the site, and you shouldn't continue.

    > Technical Details ...

    > I Understand the Risks

I posted a question about this back in 2009
https://answers.launchpad.net/ubuntu/+source/ca-
certificates/+question/79192 and  finally I got a useful reply in
November 2012 which implicates the Ubuntu Firefox license as a possible
culprit.

The related bug
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1042040 was
closed as Invalid, but that applies to Firefox proper.  Ubuntu can and
IMHO should make its own judgment call on which CA certificates to
trust.

** Affects: ubufox (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubufox in Ubuntu.
https://bugs.launchpad.net/bugs/1287130

Title:
  SPI CA certificate (i.e. effectively Debian) is not trusted out of the
  box

Status in “ubufox” package in Ubuntu:
  New

Bug description:
  When I visit https://alioth.debian.org/ in Firefox, I get the familiar
  warning dialog:

      This Connection is Untrusted

      You have asked Firefox to connect securely to alioth.debian.org, but we 
can't 
      confirm that your connection is secure.

      Normally, when you try to connect securely, sites will present trusted 
      identification to prove that you are going to the right place. However, 
      this site's identity can't be verified.

      What Should I Do?

      If you usually connect to this site without problems, this error could 
mean 
      that someone is trying to impersonate the site, and you shouldn't 
continue.

      > Technical Details ...

      > I Understand the Risks

  I posted a question about this back in 2009
  https://answers.launchpad.net/ubuntu/+source/ca-
  certificates/+question/79192 and  finally I got a useful reply in
  November 2012 which implicates the Ubuntu Firefox license as a
  possible culprit.

  The related bug
  https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1042040 was
  closed as Invalid, but that applies to Firefox proper.  Ubuntu can and
  IMHO should make its own judgment call on which CA certificates to
  trust.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubufox/+bug/1287130/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp