Robin, > there's been discussion over this before, several people have > pointed out it's a shoddy way to do things. apparently openmoko sign > their own certificates (i think), so it's not recognised as coming > from a certificate authority.
It's a long story, but definitely not a 'shoddy way'. A long time ago, we decided to use the community-driven certificate authority CAcert.org Please read more about it at http://en.wikipedia.org/wiki/Cacert This noble cause unfortunately brought some practical problems with it - very few browsers natively acknowledge the CAcert root certificate, until today. Why couldn't we just have paid the 30 USD or whatever it takes to get 'regular' SSL certificate from cheap shops such as GoDaddy etc? Of course we could, but we had made so many choices against convenience and in favor of doing 'the right thing', that adding this one more seemed natural to the people that were doing the work back then. Fast forward to today, please understand that pretty much everybody in the Openmoko community is now a volunteer. So even though the CAcert idea might have been a noble cause, today the complications it brings are aggravated by certificates that have expired, etc. Maybe we can improve the certificates one day, maybe enable personalization for the mailing lists so that one-click unsubscribe footers are possible, etc. The people that are maintaining the servers in their free time deserve our support. Cheers everybody! Wolfgang Robin Paulson wrote: > 2009/7/11 Andreas Jonasson <andreas-jonas...@telia.com>: > >> I actually did click that link before I sent my initial email to you but got >> an error message saying that there is a problem with the security >> certificate of this site. It is recommended that I do not proceed to visit >> this site. I don't understand the risk with ignoring such messages. Sorry >> for the trouble. >> > > yeah, there's been discussion over this before, several people have > pointed out it's a shoddy way to do things. apparently openmoko sign > their own certificates (i think), so it's not recognised as coming > from a certificate authority. there's three things you can do: > > 1. change the 'https' at the start of the address to 'http' > 2. manually accept the certificate > 3. tell openmoko this is a bad way to do things, and to either get > certificates which aren't signed by them, or not use an https address > for something as trivial as unsubscribing from an email list. it > scares and confuses people to 'Add Security Exceptions' > > _______________________________________________ > support mailing list > support@lists.openmoko.org > https://lists.openmoko.org/mailman/listinfo/support > _______________________________________________ support mailing list support@lists.openmoko.org https://lists.openmoko.org/mailman/listinfo/support
