Gentoo Archives: gentoo-dev

From: Andrea Barisani <lcars@g.o>
To: gentoo-dev@l.g.o
Cc: security@g.o
Subject: [gentoo-dev] ca-certificates PDEPEND
Date: Mon, 09 Jan 2006 16:00:08
1 Regarding the inclusion of ca-certificates as a PDEPEND (yeah a brief
2 exchange of emails already happened on -dev but since it's not so easy to
3 track it I'm lagging behind on this) I would like to express that I really
4 don't like the fact that we are "trusting" certs (among others)
5 without providing it as a choice.
7 Despite all the political views that we can throw in favour of a "
8 are trying to make the SSL certs world less evil" argument this is some major
9 policy that we are supporting and it shouldn't be taken that lightly (I don't
10 remember such a major confrontation about this) and I really don't think this
11 should be a default policy but rather user's choice. Technically
12 is not a recognized CA in the "proper" way (and don't point that a proper CA
13 is a lame concept and a snake oil thing..this is not the point).
15 [CCing security@g.o because this concerns the team as well imho.]
17 Just my 2 eurocent.
19 P.S.
20 I know that firefox doesn't trust /etc/ssl/certs by default, dunno about
21 konqueror. The point is still relevant though.
23 --
24 Andrea Barisani <lcars@g.o> .*.
25 Gentoo Linux Infrastructure Developer V
26 ( )
27 PGP-Key 0x864C9B9E ( )
28 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E ^^_^^
29 "Pluralitas non est ponenda sine necessitate"
30 --
31 gentoo-dev@g.o mailing list


Subject Author
[gentoo-dev] Re: ca-certificates PDEPEND solar <solar@g.o>