On Sun, 2011-01-23 at 19:32 -0500, Michael Gilbert wrote: > > Also, a discussion could be started with SPI to see if they are > willing to purchase a CA cert. That would at least allow users with > implicit trust in the CA system to get a nice fuzzy feeling when they > see the lock icon when downloading checksums.
It might be worth checking with the various major CAs to see if they'd be willing to issue a cert. for free. I know Thawte has issued them for free to community projects (kernel.org being a notable example), and I would assume that Debian is certainly well-enough established to be eligible for one. -Rob -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/1295829625.2295.57.camel@kestrel
