14 Nov
2008
14 Nov
'08
1:59 p.m.
'Ĺo Andy
On Fri, November 14, 2008 13:23, Andy Smith wrote:
Hi Jan,
I hope you don't mind me posting this back to the list. I got the
feeling you intended it to go there.
Not the original intention, but it's OK if it does.
On Fri, Nov 14, 2008 at 12:00:26PM -0000, Jan Henkins
wrote:
You are right. I have inported their root cert a relatively long time ago,
and have migrated it across new Linux installs with my backed up home
directory. At work I use CentOS 5, and it has been bundled already (which
is why my FF3 did not complain, so I suppose it was a false positive
because of these two facts). I will attempt to look into what the current
status is for it's inclusion in Ubuntu 8.04 and 8.10 just to slake my own
curiosity.
I've had a play with CaCERT's stuff
(free, see http://www/cacert.org)
which do work well enough not to upset FF3, at least as far as I can
see.
Only downside is all certs they give out has a default expiry set to 6
months, which can be a bit of a pain. Have you tried this route?
CAcert's root certificate is not present in Mozilla Firefox yet so I
don't know how it is working for you, unless you have told your
Firefox to import it or else your OS packaged it. See: http://wiki.cacert.org/wiki/InclusionStatus
Note the lack of inclusion for Internet Explorer, Mozilla Firefox or
Safari.[1]
What percentage of hits to {lists,panel,tools}.bitfolk.com do you
think come from Debian / Ubuntu / Gentoo / CentOS / Mandriva desktop
users?
Well, that is not something I can surmise about, since I don't have access
to your server logs. :-) Why don't you tell us anyway? Not necessary, but
it would be interesting to know.
[1] I'm not criticising CAcert; I believe their
goal is impossible.
I'm just stating reality.
OK, I understand your point, although I don't agree with "impossible", it
is merely "incredibly hard"! :-) I personally wish them all possible
strength, since it is (at least in my opinion) a very important precedent
that they are trying to set.
--
Regards,
Jan Henkins