[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freedesktop-create
Subject:    Re: [CREATE] SwatchBooker 0.6
From:       Olivier BERTEN <olivier.berten () gmail ! com>
Date:       2010-03-02 8:27:45
Message-ID: 4B8CCC01.6060504 () gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


I moved the SwatchBooker project to Launchpad
http://launchpad.net/swatchbooker

By the way, as I forgot to say in my announcement, the main project page
stays http://www.selapa.net/swatchbooker/

Olivier

Jon Cruz a écrit :
> On Feb 28, 2010, at 11:56 PM, a.l.e wrote:
> 
> 
> > it doesn't look like an invalid certificate to me... isn't it a self signed one? \
> > or more probably one issued by an entity which does not have its root certificate \
> > included per default in your browser? 
> > i guess that if your using linux or any bsd (as you always should :-) you should \
> > have an option to install the community based root certificates through your \
> > packet management system. then everything will be ok! 
> 
> Well, there are a few problems.
> 
> One is that installing any root cert exposes high risk. And then this particular \
> one is known to have problems. 
> So, yes, one *could* set things to accept it... but then that circumvents most of \
> the security that is normally gained from SSL. 
> But a *VERY* important aspect is that for distribution of software one should not \
> require the average end user to turn off their security. Nowadays that is much more \
> important. 
> And it appears that as a *root* cert for a browser, this particular one has some \
> big issues. For peer-to-peer, email, etc things may not be such a problem, but for \
> a browser root cert this is a very high-risk item. Auditing issues, withdrawal from \
> mozilla consideration, etc., all come in to play. Again, for a personal chain of \
> trust things might work well, but a browser is too all-or-nothing when it comes to \
> root certs. _______________________________________________
> CREATE mailing list
> CREATE@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/create
> 
> 


[Attachment #5 (text/html)]

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
I moved the SwatchBooker project to Launchpad<br>
<a class="moz-txt-link-freetext" \
href="http://launchpad.net/swatchbooker">http://launchpad.net/swatchbooker</a><br> \
<br> By the way, as I forgot to say in my announcement, the main project
page stays <a class="moz-txt-link-freetext" \
href="http://www.selapa.net/swatchbooker/">http://www.selapa.net/swatchbooker/</a><br>
 <br>
Olivier<br>
<br>
Jon Cruz a &eacute;crit&nbsp;:
<blockquote cite="mid:3ABF4929-ECC3-4D73-BD7A-7AA47830B0EB@joncruz.org"
 type="cite">
  <pre wrap="">On Feb 28, 2010, at 11:56 PM, a.l.e wrote:

  </pre>
  <blockquote type="cite">
    <pre wrap="">it doesn't look like an invalid certificate to me... isn't it a self \
signed one? or more probably one issued by an entity which does not have its root \
certificate included per default in your browser?

i guess that if your using linux or any bsd (as you always should :-) you should have \
an option to install the community based root certificates through your packet \
management system. then everything will be ok!  </pre>
  </blockquote>
  <pre wrap=""><!---->
Well, there are a few problems.

One is that installing any root cert exposes high risk. And then this particular one \
is known to have problems.

So, yes, one *could* set things to accept it... but then that circumvents most of the \
security that is normally gained from SSL.

But a *VERY* important aspect is that for distribution of software one should not \
require the average end user to turn off their security. Nowadays that is much more \
important.

And it appears that as a *root* cert for a browser, this particular one has some big \
issues. For peer-to-peer, email, etc things may not be such a problem, but for a \
browser root cert this is a very high-risk item. Auditing issues, withdrawal from \
mozilla consideration, etc., all come in to play. Again, for a personal chain of \
trust things might work well, but a browser is too all-or-nothing when it comes to \
root certs. _______________________________________________
CREATE mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:CREATE@lists.freedesktop.org">CREATE@lists.freedesktop.org</a> <a \
class="moz-txt-link-freetext" \
href="http://lists.freedesktop.org/mailman/listinfo/create">http://lists.freedesktop.org/mailman/listinfo/create</a>


  </pre>
</blockquote>
<br>
</body>
</html>



_______________________________________________
CREATE mailing list
CREATE@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/create


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic