Re: git and https
On Fri, May 29, 2015 at 8:21 PM, Riley Baird wrote:
> If having to manually add a CA annoys the Ubuntu developers that
> much, then surely they could just include the Debian CA certificate to
> Ubuntu's default?
Steve answered the Ubuntu part, but there is also the "etc" people;
there are myriad operating systems, people who discover our website
for the first time probably are using a browser that only trusts mafia
certs.
> Anyway, I don't see the point in using both mafia CAs and non-mafia
> CAs. If you get the mafia CAs, you'll still be paying the extortion
> money regardless of whether or not you use the non-mafia CAs.
The point would be that people who don't trust the mafia CAs can pin
*.debian.org domains to a Debian CA (verified via OpenPGP
web-of-trust, say) by specifying a specific subdomain of each service,
debca.www.debian.org or pin.www.debian.org or non-mafia.debian.org for
eg.
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: