| 1 |
Yuri Vasilevski wrote: |
| 2 |
> Now, being a little bit less ideological, I think it is perfectly ok to |
| 3 |
> add certificates from some organizations like CACert.org that try to |
| 4 |
> make security free for all Internet users as well as open source |
| 5 |
> projects' certificates (like debian ones). But it should be up to |
| 6 |
> businesses to buy they're way into openssl by the means of this |
| 7 |
> "sponsoring". |
| 8 |
> |
| 9 |
> So my suggestions is to add root certificates only for non for profit |
| 10 |
> organizations. (For intermediate certificates that already have root |
| 11 |
> certificate bundled with openssl it ok in all cases). Or at last don't |
| 12 |
> make it a RDEPEND but an einfo "you may want to intall X for Y reason". |
| 13 |
> |
| 14 |
> |
| 15 |
> |
| 16 |
>>this will inadvertently fix this fun bug: |
| 17 |
>>http://bugs.gentoo.org/101457 |
| 18 |
>>and probably more in the future |
| 19 |
> |
| 20 |
> |
| 21 |
> In this king of cases it is probably better to ask upstream to bug |
| 22 |
> they're CA to "sponsor" openssl or use some free CA. |
| 23 |
> |
| 24 |
> Yuri. |
| 25 |
|
| 26 |
I was unaware that openssl worked that way, ie "sponsor in exchange for |
| 27 |
inclusion". This seems like a fair and honest way for them to raise |
| 28 |
funds but gives companies the ability to use openssl even if they don't |
| 29 |
sponsor. But *must* we honor that? Has anyone asked them? |
| 30 |
|
| 31 |
I agree with this point 1000000%: Any organization that is free to the |
| 32 |
public should be included. But should we exclude the ones that are |
| 33 |
for-profit? I don't know but I have some pros and cons about including it. |
| 34 |
|
| 35 |
It would be good PR for Gentoo to honor that funding scheme. Helping a |
| 36 |
fellow FOSS project in this way is just being "neighbourly" and will |
| 37 |
keep us out of slashdot. Plus it makes me feel warm and fuzzy inside. |
| 38 |
Don't include it at all or make it optional with a USE flag. |
| 39 |
|
| 40 |
Good PR aside including all the certificates is better for the user |
| 41 |
because they don't have to manually search for the certificate and |
| 42 |
install it. Not to mention the wget bug with realplayer. I don't know |
| 43 |
about anyone else but when something Just Works(tm) I am happy. Install |
| 44 |
it by default or make it optional with a USE flag. |
| 45 |
|
| 46 |
Would it be best to make it into a USE flag so users have the choice, |
| 47 |
install it by default or simply not offer it at all? |
| 48 |
|
| 49 |
Both sides should be happy with a USE flag IMHO. So long as it closes |
| 50 |
the wget bug I'm all for it. |
| 51 |
-- |
| 52 |
gentoo-dev@g.o mailing list |
Archives