From kde-core-devel Wed Feb 03 01:17:12 2010
From: Brad Hards
Date: Wed, 03 Feb 2010 01:17:12 +0000
To: kde-core-devel
Subject: Re: Using system SSL certificates...
Message-Id: <201002031217.12641.bradh () frogmouth ! net>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=126515991105072

On Saturday 30 January 2010 08:21:17 Thiago Macieira wrote:
> The Qt non-Firefox certificates contain the likes of VeriSign, Thawte and
> Equifax. The question is: why are those well-known certificates in Qt but
> not in Firefox?

Based on the log, it appears Qt may have just taken the cert bundle from an
earlier version of KDE (when George Staikos was actively managing it).

George's policy (which I concur with) was that a cert in either Firefox or IE
was OK, if the vendor requested it. It is not OK to just add certificates
without doing appropriate checks of the vendors' practices and policies, and
KDE doesn't have the resources to do that, hence the out-sourcing approach.

FWIW, I'd support removing the cert bundle from KDE and just using Mozilla's
bundle. Ideally we'd support using system certs where the OS or vendor
provides them.

Brad