Follow-up Comment #1, sr #106651 (project administration):
Personally, FWIW, I agree with Reed. I'm not overly impressed by "auditing",
having been on the other end of ssl auditing in various contexts at various
times and it always seemed like a meaningless exercise in paperwork -- but
losing private keys is inexcusable.
It's not a money issue. John already bought the cert.
Of course I agree that it would be better, in principle, to use certificates
from an organization with freedom-respecting policies. But when the only
(right?) such org is so slipshod, it seems like the lesser evil to me to use
keys from the same org as gnu.org and fsf.org. Obviously rms does not insist
on cacert.org, although perhaps he's never been consulted; and perhaps we
should ask him.
Sylvain?
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?106651>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
