Re: bugs.gnupg.org TLS certificate

Thu, 12 Mar 2015 21:00:08 -0700

It's quite disingenuous to say you don't have an opinion, when obviously you do.
This topic was debated at length on this list when Heartbleed happened. There are two camps: 


1. Those who think that if you offer any kind of free service, you have 
to offer all related services for free as well. "I want it, so you must 
give it to me."



2. Those who think that companies like StartSSL who are offering 
tremendous value to the community for free have the right to recoup some 
of their operational expenses for requests that go outside the norm, 
and/or cannot be handled with an automated system.



If you are in the first camp, you have every right to your belief, but 
that belief does not match up with the real world.



If you are in the second camp, pull up a chair, I've got a cooler full 
of $BEVERAGE that I'll be happy to share. :)


Doug


On 3/12/15 7:27 PM, Avi wrote:

I have no opinion one way or the other re: StartSSL, but there are those
who do:

<https://danconnor.com/post/50f65364a0fd5fd1f7000001/avoid_startcom_startssl_like_the_plague_>
<https://bugzilla.mozilla.org/show_bug.cgi?id=994033>
<https://www.techdirt.com/articles/20140409/11442426859/shameful-security-startcom-charges-people-to-revoke-ssl-certs-vulnerable-to-heartbleed.shtml>

etc.

Avi


----
User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
<avi.w...@gmail.com <mailto:avi.w...@gmail.com>>
    Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019
F80E 29F9

On Thu, Mar 12, 2015 at 7:47 PM, Mick Crane <mick.cr...@gmail.com
<mailto:mick.cr...@gmail.com>> wrote:




    On 12 Mar 2015, at 23:21, Hugo Osvaldo Barrera <h...@barrera.io
    <mailto:h...@barrera.io>> wrote:

    On 2015-03-11 17:38, Werner Koch wrote:
    On Wed, 11 Mar 2015 15:12, br...@minton.name
    <mailto:br...@minton.name> said:


    git.gnupg.org <http://git.gnupg.org/>) don't use that
    certificate.  Have you considered a wildcard
    certificate?  I know this has been discussed before, e.g. at


    Too expensive ;-).  To stop all these complaints I will add a so
    called
    real certificate but first I need to move the tracker to another
    machine.


    Shalom-Salam,

     Werner


    No need for a wildcard one. Just get one free certificate for each
    subdomain
    from StartSSL.




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users






















					Reply via email to