Follow-up Comment #10, sr #106651 (project administration): > Again, why can't you just use the certificates > the FSF has already purchased?
Those certs were bought by mistake and will expire in a few months. We believe in an alternate way to express trust, not based on a bootstrap group of opportunists, money, and unclear browser-inclusion rules - check the links. > They are from a reputable CA and are accepted > by all major browsers. Ms windows is pre-installed in all major hardware products, this doesn't make it something we want to use. "Reputable" CAs make mistakes, e.g. http://blog.startcom.org/?p=145 > We shouldn't be teaching users to ignore SSL > error messages from their browsers just to access Savannah This is wrong. The documentation tells to accept the CAcert certificate and none else. I didn't hear anybody complain when we used self-signed certs, which is worse, so please don't mix up Firefox' new error message and the use of CAcert.org. > CAcert is [...] I won't discuss any further until there's supported arguments. And last, I'd appreciate your opening a discussion on the cacert.org mailing list where educated people can answer your worries, instead of spreading unverified claims to their users on their back. _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/support/?106651> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
