(In short: forget the whole thing, all is well.) I don't appreciate the form of this comment.
Sorry. Following your initial inquery at savannah-hackers-public it was shown that Reed's issues were inexistant and I have yet to hear any supported argument on the matter, that is, fitting our education effort a bit more than "off-putting" in the middle of an unrelated conversation. I was not trying to again bring up the question of which CA to use. I was only referring to the fact that what new users were seeing is the "I don't know your root authority" dialog box, or (I guess) something even worse in firefox3. I think that was indeed "off-putting". It occurred to me because we were talking about ssl, user experiences, and such already. However, I just now tried to open https://savannah.gnu.org in the firefox3 from CentOS, and, it seems that the cacert root is in ff3 after all! I was not aware of that. So -- yay! Everything seems good. You don't have to use SSL in that case, I don't understand that. As far as I can tell, it's not possible to get an account or register a project without using https. (Which seems perfectly fine.)