> [beuc - Tue Jan 17 15:02:28 2006]: > > > CAcert.org is not a recognized CA by any major browser, so at the end of > > the day, it's no more secure than signing your own certificates. > > Yes, the point is that they may be in the future.
They may very well be. At least from reading their lobbying efforts to get included in Mozilla, they've certainly got some political controversy surrounding them (are they really only run by one guy?). But like I said, we don't particularly care -- it's not any more secure unless they earn that trust. > I can't. I'm offered the following choice: > [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] Wow. That's the exact opposite of every CA I've worked with -- and it makes very little sense. > Maybe you can, as a quick work-around, have the MXes set to mx10&al > for savannah.gnu.org (as Jim did for cvs.savannah.gnu.org). It appears we will have to do this if you are to get this cert from Duane. > If I'm not mistaken [EMAIL PROTECTED] should then receive > [EMAIL PROTECTED] Not exactly. We'd have to specify that behavior. But we're much more inclined to simply have it go to savannah hackers. > Do you think there is any issue with adding MXes to Savannah? We may > need this in the future, for example when Savane implements a mail > interface for the trackers. Any mail that Savannah receives will have to come through the GNU mail gateway. It would not go to Savannah directly. > (2 actually: gnu.org & nongnu.org) > > Do you mean buying additional certificates to entrust.net? Or > something else? Entrust, yes. -jag -- Joshua Ginsberg <[EMAIL PROTECTED]> Free Software Foundation - Senior Systems Administrator
