
ca-certificates: no more cacert.org certificates?!?



I've just noticed that cacert.org certificates were removed from
"ca-certificates" a month ago. From the changelog [1]:

    * No longer ship cacert.org certificates.  Closes: #718434, LP: #1258286

I'm disappointed by this decision and from #718434 I don't get
a clear picture of what is wrong with cacert.org. For years we were
shipping their certificates and IMHO there should be a damn good
reason to stop doing so. I wish the maintainer would state the reason for
removal in the changelog.

Has the situation with cacert.org certificates dramatically worsened lately?
Were any security flaws discovered?
What are we gaining from dropping their certificates?

Did we notify cacert.org about our intentions to drop their certificates?
What were their comments? Did they provide a time frame to address our concerns?

Cacert.org's web of trust model is very similar to ours. To me it is
essentially more trustworthy than what for-profit CAs offer.
Cacert.org (as the only non-profit community managed CA) needs our support.
How is dropping cacert.org certificates going to benefit our communities?

The following comment highlights some benefits of providing cacert.org
certificates:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#209

I want cacert.org certificates to raise no warning in browsers. This way we
can encourage use of cacert.org certificates as an alternative to self-signed
certificates and therefore promote the use of HTTPS.
Users are supposed to check certificate properties for encrypted connections
if/when they want to check certificate authenticity. I think dropping
cacert.org did more harm than good. Perhaps it's better to promote packages like
"xul-ext-certificatepatrol" rather than punish cacert?
After all, I'm sure the cacert.org team is doing their best just like we all do
in Debian.

[1]: http://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/unstable_changelog

-- 
Cheers,
 Dmitry Smirnov
 GPG key : 4096R/53968D1B

---

The most fatal blow to progress is slavery of the intellect. The most
sacred right of humanity is the right to think, and next to the right to
think is the right to express that thought without fear.
        -- Helen H. Gardner, "Men, Women and Gods"
