Regarding the inclusion of ca-certificates as a PDEPEND (yeah a brief
exchange of emails already happened on -dev but since it's not so easy to
track it I'm lagging behind on this) I would like to express that I really
don't like the fact that we are "trusting" cacert.org certs (among others)
without providing it as a choice.
Despite all the political views that we can throw in favour of a "cacert.org
are trying to make the SSL certs world less evil" argument this is some major
policy that we are supporting and it shouldn't be taken that lightly (I don't
remember such a major confrontation about this) and I really don't think this
should be a default policy but rather user's choice. Technically cacert.org
is not a recognized CA in the "proper" way (and don't point that a proper CA
is a lame concept and a snake oil thing..this is not the point).
[CCing [EMAIL PROTECTED] because this concerns the team as well imho.]
Just my 2 eurocent.
P.S.
I know that firefox doesn't trust /etc/ssl/certs by default, dunno about
konqueror. The point is still relevant though.
--
Andrea Barisani <[EMAIL PROTECTED]> .*.
Gentoo Linux Infrastructure Developer V
( )
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( )
0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E ^^_^^
"Pluralitas non est ponenda sine necessitate"
--
gentoo-dev@gentoo.org mailing list
