[gna-help] [support #148] certificate not trustworthy (February 11, 2004 - 23:00)


This mail is an automated notification from the support tracker
 of the project: Administration.

[support #148] Full Item Snapshot:

URL: <http://gna.org/support/?func=detailitem&item_id=148>
Project: Administration
Submitted by: 0
On: Wed 02/11/2004 at 23:00

Category:  Homepage
Priority:  5 - Normal
Severity:  F - Security
Resolution:  None
Assigned to:  None
Originator Email:  0wz2yy902@xxxxxxxxxxxxxx
Status:  Open

Summary:  certificate not trustworthy

Original Submission:  Your site certificate is signed by GNAP!.  However, I don't know that I really connected to gna.org, all I know is that I tried to.  And I've never heard of GNAP!.

I temporarily accepted the certificate for the duration of this session, but I would like better assurances that I'm getting real Gna! code and not some trojaned-up hacker worms.  I also would like some assurance any code I check in would actually be covered by the GPL and that this is not some front organization for a law firm representing some litigious bastards somewhere.

The announcements of Gna! should at least mention the creation of a new certificate authority, name it, and start legitimizing it.  I believe it may even be in your best interests to have GNAP!s certificate signed by a different pre-existing root authority.

While the creation of a libre root certificate authority may be a noble goal, it will need to start with some legitimacy or reputation from somewhere outside of itself.  Otherwise, anyone who approaches your site might be frightened off by the "warning - unknown signer" popups.  Perhaps if you get Mozilla (and Opera, and IE) to include your root certificate in their next release ...

For detailed info, follow this link:

  Message sent via/by Gna!

You are on the gna.org mail server.

Generated by mhonarc 2.6.8, Thu Feb 12 10:00:04 2004