On Nov 26, 2013, at 12:58 PM, Rolf Pedersen wrote: > > On 11/26/2013 08:51 AM, Raphaël Jadot wrote: >>> 2. More importantly, less ambiguously, the browser security warnings >>> >and need for manual intervention is a "turn-off" for OMV adoption and >>> >should be avoided, if possible, imo. >> Yes, this is something I understand, even if not sure to agree:) We >> are a community, and there will no be some "tyranic" decision, so of >> course we will not keep this situation if users considers it as an >> issue. >> > Well, I'm not well-educated in all the issues and technicalities, albeit > being a user of Mandrake et. seq. since early 2000. The philosophy of FOSS, > introduced by Stallman, Torvalds, and other pioneers is of the primary > importance. However, after all this time of daily Linux usage, I'm flummoxed > by the challenge to override the browser warning, to make an exception. > Acting in near ignorance, I don't feel my security is being enhanced, as I > need the browsers to do my thing, and just start pushing buttons. The spying > by militaristic governments on one another is nothing new, just more visible > and potentially invasive via the same technology that enabled the rapid > advancement of Linux. So, it's a hard choice. There is some merit in being > approachable, important for what I see OMV is trying to become. Could the > installation of the necessary certificates be made more automated/transparent > with a package dependency or highly visible and documented widget/button or > some such? To RTFM before going to a website is not a user-friendly > mechanism, iiuic. > Rolf >
There isn't much "free speech" challenge here to understand. Certificate Authorities follow strict procedures that are described (and tested) by various standards (and their agents) as part of a global (i.e. not just linux) infrastructure designed for interoperability. The compliance testing isn't cheap, and the certification of a CA is most definitely a direct business cost that must be paid for somehow. I've heard that the cost of getting a root CA (like CAcert) into browsers everywhere (as StartSSL has done) is typically about $500K. The alternative to using an existing CA is to install your own root CA, and CAcert is a perfectly sensible choice. The choice is whether "free speech" advocacy or seamless access of web content is more important to OpenMandriva. Disclaimer: There are (of course) other CA's than StartSSL: I point out StartSSL solely because Eddy Nigg and StartCom/StartSSL have strong connections to FL/OSS, including a CentOS-clone distribution. 73 de Jeff
