1 |
Yuri Vasilevski wrote: |
2 |
> Now, being a little bit less ideological, I think it is perfectly ok to |
3 |
> add certificates from some organizations like CACert.org that try to |
4 |
> make security free for all Internet users as well as open source |
5 |
> projects' certificates (like debian ones). But it should be up to |
6 |
> businesses to buy they're way into openssl by the means of this |
7 |
> "sponsoring". |
8 |
> |
9 |
> So my suggestions is to add root certificates only for non for profit |
10 |
> organizations. (For intermediate certificates that already have root |
11 |
> certificate bundled with openssl it ok in all cases). Or at last don't |
12 |
> make it a RDEPEND but an einfo "you may want to intall X for Y reason". |
13 |
> |
14 |
> |
15 |
> |
16 |
>>this will inadvertently fix this fun bug: |
17 |
>>http://bugs.gentoo.org/101457 |
18 |
>>and probably more in the future |
19 |
> |
20 |
> |
21 |
> In this king of cases it is probably better to ask upstream to bug |
22 |
> they're CA to "sponsor" openssl or use some free CA. |
23 |
> |
24 |
> Yuri. |
25 |
|
26 |
I was unaware that openssl worked that way, ie "sponsor in exchange for |
27 |
inclusion". This seems like a fair and honest way for them to raise |
28 |
funds but gives companies the ability to use openssl even if they don't |
29 |
sponsor. But *must* we honor that? Has anyone asked them? |
30 |
|
31 |
I agree with this point 1000000%: Any organization that is free to the |
32 |
public should be included. But should we exclude the ones that are |
33 |
for-profit? I don't know but I have some pros and cons about including it. |
34 |
|
35 |
It would be good PR for Gentoo to honor that funding scheme. Helping a |
36 |
fellow FOSS project in this way is just being "neighbourly" and will |
37 |
keep us out of slashdot. Plus it makes me feel warm and fuzzy inside. |
38 |
Don't include it at all or make it optional with a USE flag. |
39 |
|
40 |
Good PR aside including all the certificates is better for the user |
41 |
because they don't have to manually search for the certificate and |
42 |
install it. Not to mention the wget bug with realplayer. I don't know |
43 |
about anyone else but when something Just Works(tm) I am happy. Install |
44 |
it by default or make it optional with a USE flag. |
45 |
|
46 |
Would it be best to make it into a USE flag so users have the choice, |
47 |
install it by default or simply not offer it at all? |
48 |
|
49 |
Both sides should be happy with a USE flag IMHO. So long as it closes |
50 |
the wget bug I'm all for it. |
51 |
-- |
52 |
gentoo-dev@g.o mailing list |