[prev in list] [next in list] [prev in thread] [next in thread]
List: freedesktop-create
Subject: Re: [CREATE] SwatchBooker 0.6
From: Olivier BERTEN <olivier.berten () gmail ! com>
Date: 2010-03-02 8:27:45
Message-ID: 4B8CCC01.6060504 () gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I moved the SwatchBooker project to Launchpad
http://launchpad.net/swatchbooker
By the way, as I forgot to say in my announcement, the main project page
stays http://www.selapa.net/swatchbooker/
Olivier
Jon Cruz a écrit :
> On Feb 28, 2010, at 11:56 PM, a.l.e wrote:
>
>
> > it doesn't look like an invalid certificate to me... isn't it a self signed one? \
> > or more probably one issued by an entity which does not have its root certificate \
> > included per default in your browser?
> > i guess that if your using linux or any bsd (as you always should :-) you should \
> > have an option to install the community based root certificates through your \
> > packet management system. then everything will be ok!
>
> Well, there are a few problems.
>
> One is that installing any root cert exposes high risk. And then this particular \
> one is known to have problems.
> So, yes, one *could* set things to accept it... but then that circumvents most of \
> the security that is normally gained from SSL.
> But a *VERY* important aspect is that for distribution of software one should not \
> require the average end user to turn off their security. Nowadays that is much more \
> important.
> And it appears that as a *root* cert for a browser, this particular one has some \
> big issues. For peer-to-peer, email, etc things may not be such a problem, but for \
> a browser root cert this is a very high-risk item. Auditing issues, withdrawal from \
> mozilla consideration, etc., all come in to play. Again, for a personal chain of \
> trust things might work well, but a browser is too all-or-nothing when it comes to \
> root certs. _______________________________________________
> CREATE mailing list
> CREATE@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/create
>
>
[Attachment #5 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
I moved the SwatchBooker project to Launchpad<br>
<a class="moz-txt-link-freetext" \
href="http://launchpad.net/swatchbooker">http://launchpad.net/swatchbooker</a><br> \
<br> By the way, as I forgot to say in my announcement, the main project
page stays <a class="moz-txt-link-freetext" \
href="http://www.selapa.net/swatchbooker/">http://www.selapa.net/swatchbooker/</a><br>
<br>
Olivier<br>
<br>
Jon Cruz a écrit :
<blockquote cite="mid:3ABF4929-ECC3-4D73-BD7A-7AA47830B0EB@joncruz.org"
type="cite">
<pre wrap="">On Feb 28, 2010, at 11:56 PM, a.l.e wrote:
</pre>
<blockquote type="cite">
<pre wrap="">it doesn't look like an invalid certificate to me... isn't it a self \
signed one? or more probably one issued by an entity which does not have its root \
certificate included per default in your browser?
i guess that if your using linux or any bsd (as you always should :-) you should have \
an option to install the community based root certificates through your packet \
management system. then everything will be ok! </pre>
</blockquote>
<pre wrap=""><!---->
Well, there are a few problems.
One is that installing any root cert exposes high risk. And then this particular one \
is known to have problems.
So, yes, one *could* set things to accept it... but then that circumvents most of the \
security that is normally gained from SSL.
But a *VERY* important aspect is that for distribution of software one should not \
require the average end user to turn off their security. Nowadays that is much more \
important.
And it appears that as a *root* cert for a browser, this particular one has some big \
issues. For peer-to-peer, email, etc things may not be such a problem, but for a \
browser root cert this is a very high-risk item. Auditing issues, withdrawal from \
mozilla consideration, etc., all come in to play. Again, for a personal chain of \
trust things might work well, but a browser is too all-or-nothing when it comes to \
root certs. _______________________________________________
CREATE mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:CREATE@lists.freedesktop.org">CREATE@lists.freedesktop.org</a> <a \
class="moz-txt-link-freetext" \
href="http://lists.freedesktop.org/mailman/listinfo/create">http://lists.freedesktop.org/mailman/listinfo/create</a>
</pre>
</blockquote>
<br>
</body>
</html>
_______________________________________________
CREATE mailing list
CREATE@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/create
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic