Hi, On Mon, Mar 31, 2014 at 04:03:30PM -0700, Russ Allbery wrote: > Brian May <br...@microcomaustralia.com.au> writes: > > On 1 April 2014 04:42, Marc Haber <mh+debian-de...@zugschlus.de> wrote: > > >> cacert.org is unuseable if you offer your web site to muggles. It's > >> not in the browsers. > > > Not sure what you mean. cacert.org is unusable at the moment because it > > isn't included in the browsers. Which is the problem we were discussing > > in this thread. > > But nothing Debian does one way or the other is going to get cacert.org's > root certificates into the general end-user browsers. So that's a reality > that we're going to have to continue to live with. > > Given that reality, it's not clear to me that cacert.org certificates > really have much of an advantage for most use cases over self-signed > certificates.
AFAIK in Debian we currently don't offer a simple way to run your own CA with a webgui, autoreminder of expiry, etc. Having Cacert in ca-certificates was a great way to cater for that without any extra setup hazzle. I still don't see why we penalize Debian users for the fact that _other_ operating systems don't include the cacert certificate. Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140401052045.ga2...@bogon.m.sigxcpu.org