--nextPart2422609.i2kXhDazoL
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable

Em Ter=E7a-feira 2. Fevereiro 2010, =E0s 17.17.12, Brad Hards escreveu:
> On Saturday 30 January 2010 08:21:17 Thiago Macieira wrote:
> > The Qt non-Firefox certificates contain the likes of VeriSign, Thawte a=
nd
> > Equifax. The question is: why are those well-known certificates in Qt b=
ut
> >=20
> >  not in Firefox?
>=20
> Based on the log, it appears Qt may have just taken the cert bundle from =
an
> earlier version of KDE (when George Staikos was actively managing it).
>=20
> George's policy (which I concur with) was that a cert in either Firefox or
> IE was OK, if the vendor requested it. It is not OK to just add
> certificates without doing appropriate checks of the vendors practices and
> policies, and KDE doesn't have the resources to do that, hence the
> out-sourcing approach.
>=20
> FWIW, I'd support removing the cert bundle from KDE and just using
> mozilla's bundle. Ideally we'd support using system certs where the OS or
> vendor provides them.

That's what I did. I took the Mozilla file that describes their cert list.

But I found out that there are 48 certificates that exist today in Qt but n=
ot=20
in Firefox.

The question is: why? Why doesn't Firefox carry VeriSign and Thawte=20
certificates?

Or, if they do, where is the full list of their certificates?
=2D-=20
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

--nextPart2422609.i2kXhDazoL
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQBLaQ8bM/XwBW70U1gRAuM8AKC0Vc97gqJcFNUglvYo4r1PhmwHRgCfaXm/
uDgGh+AvuMupagx4ZtFN1+4=
=aTaT
-----END PGP SIGNATURE-----

--nextPart2422609.i2kXhDazoL--