[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-help-public] missing SSL cert from savannah site
|
From: |
Sylvain Beucler |
|
Subject: |
Re: [Savannah-help-public] missing SSL cert from savannah site |
|
Date: |
Tue, 29 Sep 2009 12:59:48 +0200 |
|
User-agent: |
Mutt/1.5.20 (2009-06-14) |
On Mon, Sep 28, 2009 at 05:59:13PM -0400, Richard Stallman wrote:
> I'd also like a certificate for my Java applets, and also one for my
> ms woe .exe installers which (like Firefox' or OpenOffice's) trigger a
> bad-looking warning under recent versions/SPs of that OS.
>
> What are these Java applets?
> What are these .exe installers?
>
> I'd like to understand what is happening here.
Jon suggested that money would solve the problem because SSL
certificates are cheaper these days.
I ironicaly pointed that pressure to sign everything is extending
outside of SSL certificates:
- A Java applet runs in unprivileged mode by default; when signed, it
runs at full privileges, which is necessary if the user wants to
save data on his computer, for example. If the certificate is not
made by authorities included in the Java Runtime Environment, the
applet system will show an additional warning to the user. The
certification only assess the identity of the software editor, it's
not a security audit.
- Similarly, microsoft windows now displays a fullscreen warning about
the dangers of running executables that are not signed by an
authority that microsoft trusts. This happens in recent versions,
as well as recent upgrades of earlier versions of that OS. I know
people who were afraid of installing OpenOffice.org because of that
warning.
GNU Savannah per-se does not currently make use of Java applets, nor
distributes installers for ms woe, the examples were given to defeat
the point.
--
Sylvain
Re: [Savannah-help-public] missing SSL cert from savannah site, Karl Berry, 2009/09/28