Re: some feedback about security from the user's point of view
On Sun, 2011-01-23 at 19:32 -0500, Michael Gilbert wrote:
> Also, a discussion could be started with SPI to see if they are
> willing to purchase a CA cert. That would at least allow users with
> implicit trust in the CA system to get a nice fuzzy feeling when they
> see the lock icon when downloading checksums.
It might be worth checking with the various major CAs to see if they'd
be willing to issue a cert. for free. I know Thawte has issued them for
free to community projects (kernel.org being a notable example), and I
would assume that Debian is certainly well-enough established to be
eligible for one.