Re: ca-certificates: no more cacert.org certificates?!?

[Raphael Geissert <geissert@debian.org>]

Marco d'Itri wrote:
> I suggest that anybody who wants to partecipate to this debate should
> clarify if their goal is:
> - choosing appropriate defaults for the general population of our users
> - taking a stand against the PKI system

As a co-maintainer, any email that falls in the second category is a complete 
waste of my time. "ca-certificates" is not trying, nor is the place, to solve 
the problems of the PKI system.

> Anyway, I strongly recommend that nobody waste their time on an issue
> which in a couple of years will be much less relevant thanks to DANE.

If only people actually used DNSSEC and DANE - Chromium/Google Chrome dropped 
support for the latter due to the lack of use[1].

[1]https://www.imperialviolet.org/2011/06/16/dnssecchrome.html

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net