https://bugzilla.gnome.org/show_bug.cgi?id=772897
Bug ID: 772897
Summary: Consider switching from StartCom to a different CA
Classification: Infrastructure
Product: sysadmin
Version: unspecified
OS: All
Status: NEW
Severity: minor
Priority: Normal
Component: Certificates
Assignee: sysadmin-ma...@gnome.bugs
Reporter: userwith...@gmail.com
QA Contact: sysadmin-ma...@gnome.bugs
GNOME version: ---
As you might have heard, recently, there has been quite the discussion about
the trustworthiness and future of WoSign, who (now not so secretly any more)
owns StartCom: https://wiki.mozilla.org/CA:WoSign_Issues
There has been talk (mozilla/google) and a little action (apple) about
distrusting WoSign certificates in some form, but I doubt they will block
current certs from StartCom - too many sites use them currently.
Nevertheless, if it was not already planned, I want to suggest *.gnome.org
switch to another certificate provider. The practical reason is that the
current cert expires 2017-03 and who knows if the renewed one will be trusted
everywhere? My personal reason is that I want this and other sites not to
support a -imho- bad CA and make it possible to eventually distrust everything
WoSign related without having too much stuff fail, but whatever. :-P One step
at a time: https://kernel.org/gandinet-tls-certificates.html
--
You are receiving this mail because:
You are watching the QA Contact of the bug.
You are watching the assignee of the bug._______________________________________________
gnome-infrastructure mailing list
gnome-infrastructure@gnome.org
https://mail.gnome.org/mailman/listinfo/gnome-infrastructure
