Hi,

On Fri, 30 Dec 2005 17:34:59 -0500
Mike Frysinger <[EMAIL PROTECTED]> wrote:

> just a heads up ... i'm going to be adding the ca-certificates package as a 
> PDEPEND to the openssl package so most everyone in Gentoo will end up with it 
> on their system
> 
> for those wondering what this is:
> http://packages.debian.org/unstable/misc/ca-certificates
> basically it's additional certificates that aren't part of the default openssl 
> distribution

I'm not so sure that this is a good idea, as adding CA root
certificates is a way to make (good) money for some free projects and
unfortunately for some non-free ones too. I'm not sure if openssl
charges for certificate inclusion, but if it does this will interfere with
the funding policies (and then development) of openssl.

Now, being a little bit less ideological, I think it is perfectly OK to
add certificates from some organizations like CACert.org that try to
make security free for all Internet users, as well as open source
projects' certificates (like Debian's ones). But it should be up to
businesses to buy their way into openssl by means of this
"sponsoring".

So my suggestion is to add root certificates only for not-for-profit
organizations. (For intermediate certificates that already have a root
certificate bundled with openssl, it's OK in all cases.) Or at least don't
make it an RDEPEND but an einfo: "you may want to install X for Y reason".


> this will inadvertently fix this fun bug:
> http://bugs.gentoo.org/101457
> and probably more in the future

In this kind of case it is probably better to ask upstream to bug
their CA to "sponsor" openssl or to use some free CA.

Yuri.
-- 
gentoo-dev@gentoo.org mailing list