[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-help-public] missing SSL cert from savannah site
|
From: |
Karl Berry |
|
Subject: |
Re: [Savannah-help-public] missing SSL cert from savannah site |
|
Date: |
Mon, 28 Sep 2009 18:54:04 -0500 |
> I think the thing to do would be to convince Mozilla to include
CAcert
> root certificate in Firefox.
>
> Someone said that this was already being worked on.
That would be ideal, but the CAcert web site does not show signs of
substantial progress.
CAcert withdrew their request for inclusion in Mozilla in April 2007,
stating they could not satisfactorily complete the required audit.
(https://bugzilla.mozilla.org/show_bug.cgi?id=215243#c158) The person
who was the "Auditor" was one Ian Grigg, who then resigned in June 2009
without the audit being completed. I see no information about a
replacement.
According to http://wiki.cacert.org/AuditToDo (the place that
http://wiki.cacert.org/InclusionStatus tells you to look), there are
many large-scale tasks that have to be addressed before they can
satisfactorily complete an audit, some of which have been pending for
years.
A message from Ian dated yesterday
https://lists.cacert.org/wws/arc/cacert-board/2009-09/msg00333.html is
about the structure of the audit organization. The fact that they are
still debating at this level, and more importantly the lack of any
recent information on their status pages, makes me think they are very
far from inclusion.
After this research today, my feeling is that we will be waiting for
some additional amount of time measured in years, and that there is a
significant probability that they will never succeed.
If there is more positive news about CAcert inclusion in Mozilla, I
would be glad to hear it.
karl
P.S. Jon: it's not about money.
Re: [Savannah-help-public] missing SSL cert from savannah site,
Karl Berry <=