I rather think that the Mozilla decision is blindly based on a more
widespread $75000 audit from Webtrust, which CAcert cannot afford. The
independant audit requested them to make changes that were not
required from other certification providers.
That doesn't change anything for our decision.
The point is that using CAcert on Savannah will not help much
to get CAcert accepted by Mozilla. It is a sacrifice which is
not even effective.
And just because Mozilla is showing a warning to users doesn't mean we
have to abide: they is also a warning that we should install Adobe
Flash after a first install, and hopefully we won't be similarly
influenced.
We consider Adobe Flash unethical, but we do not consider non-CAcert
certifications unethical.
We should continue supporting CAcert in other ways, but we should get
for Savannah a certification that the widely used browsers accept.
