On Nov 26, 2013, at 12:58 PM, Rolf Pedersen wrote:

> 
> On 11/26/2013 08:51 AM, Raphaël Jadot wrote:
>>> 2. More importantly, less ambiguously, the browser security warnings
>>> >and need for manual intervention is a "turn-off" for OMV adoption and
>>> >should be avoided, if possible, imo.
>> Yes, this is something I understand, even if not sure to agree:)  We
>> are a community, and there will no be some "tyranic" decision, so of
>> course we will not keep this situation if users considers it as an
>> issue.
>> 
> Well, I'm not well-educated in all the issues and technicalities, albeit 
> being a user of Mandrake et. seq. since early 2000.  The philosophy of FOSS, 
> introduced by Stallman, Torvalds, and other pioneers is of the primary 
> importance.  However, after all this time of daily Linux usage, I'm flummoxed 
> by the challenge to override the browser warning, to make an exception.  
> Acting in near ignorance, I don't feel my security is being enhanced, as I 
> need the browsers to do my thing, and just start pushing buttons.  The spying 
> by militaristic governments on one another is nothing new, just more visible 
> and potentially invasive via the same technology that enabled the rapid 
> advancement of Linux.  So, it's a hard choice. There is some merit in being 
> approachable, important for what I see OMV is trying to become.  Could the 
> installation of the necessary certificates be made more automated/transparent 
> with a package dependency or highly visible and documented widget/button or 
> some such?  To RTFM before going to a website is not a user-friendly 
> mechanism, iiuic.
> Rolf
> 


There isn't much  "free speech" challenge here to understand.

Certificate Authorities follow strict procedures that are described
(and tested) by various standards (and their agents) as part of
a global (i.e. not just linux) infrastructure designed for interoperability.

The compliance testing isn't cheap, and the certification of a CA is
most definitely a direct business cost that must be paid for somehow.

I've heard that the cost of getting a root CA (like CAcert) into browsers
everywhere (as StartSSL has done) is typically about $500K.

The alternative to using an existing CA is to install your own root CA,
and CAcert is a perfectly sensible choice.

The choice is whether "free speech" advocacy or seamless access
of web content is more important to OpenMandriva.

Disclaimer:
There are (of course) other CA's than StartSSL: I point out StartSSL
solely because Eddy Nigg and StartCom/StartSSL have strong
connections to FL/OSS, including a CentOS-clone distribution.

73 de Jeff

Reply via email to