1 |
On Tue, Feb 5, 2013 at 11:59 AM, Dirkjan Ochtman <djc@g.o> wrote: |
2 |
> I think it's really quite silly that we keep inconveniencing ourselves |
3 |
> and our user by not having proper certificates that get recognized by |
4 |
> all the major browsers, preferably wildcard variants (particularly for |
5 |
> Bugzilla attachments). |
6 |
|
7 |
My knee-jerk reaction is that your browser has a bug. It thinks that |
8 |
it is appropriate to sound alarms for unauthenticated SSL connections |
9 |
but not for unauthenticated non-SSL connections. A workaround is to |
10 |
emerge ca-certificates. |
11 |
|
12 |
That said, I do understand your concerns (my pet peeves with the CA |
13 |
infrastructure and modern browsers notwithstanding). |
14 |
|
15 |
> |
16 |
> I'd be happy to handle the certificates and renew them every time when |
17 |
> needed, passing them on to infra staff via a channel they deem secure |
18 |
> enough, although it would be nice if someone else can provide me with |
19 |
> funds (e.g. the Trust/Foundation?). |
20 |
|
21 |
I'm sure the trustees would be interested as long as this was aligned |
22 |
with infra. I'd reach out to them first and work out a plan - paying |
23 |
for it is likely to not be a big issue (and we've had offers of |
24 |
donated certificates as well). |
25 |
|
26 |
Rich |