On Thu 2015-09-10 18:05:35 -0400, Robert J. Hansen wrote: >> Who else thinks someone should spring for the $10 it would take to >> buy and install an SSL certificate for the principal distribution >> point of gpg and it's signatures on the worlds most popular >> platform? > > There are many better ways for Werner to spend his time and money. > > (Getting an Authenticode certificate, for instance.)
This is not an either/or scenario, please don't pit the one project against another. Both can be addressed by dealing with the CA cartel. It's frustrating to do this, because we all know that the CA cartel is not particularly trustworthy as a whole. But this is a "trusted introducer" problem, and the cartel is the only set of trusted introducers available to people who don't already have GnuPG. There is already discussion about getting HTTPS set up for gpg4win.org. Bernhard Reiter (cc'ed here) knows about it, and other offers of help have already been made over on gpg4win-users...@wald.intevation.org, which is a better place to discuss gpg4win-specific issues. It's more an issue of getting an admin to spend a couple hours coaxing the website into compliance and dealing with the fallout from the SNI issues. Bernhard, is there anything else the rest of us can do to get this ball rolling? --dkg
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users