This already went to Michael only, sorry I kept the rest of you out by mistake.
Yes Michael, facts, that's the one thing this whole issue is missing. Just read the request to add CACert into mozilla-firefox http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309564 Yes, this is was a request to do the one thing that Mozilla itself didn't want. It is like asking Dad(ian) for ice-cream after Mom(zilla) said no :D In the very last mail of that discussion madduck turning the burden of proof upside down. You shouldn't argue why not to include or remove CACert, it is CACert who has to proof rock-solid why it should be considered for inclusion. Another important aspect, which you find mentioned in the long mozilla bugreport by mozilla staff and confirmed by auditor Ian Grigg: Requests for inclusion should *only* come from officals of the CA. madduck may be a longtime assurer and have a feel for how good CACert is, but simply can't have the insight a CACert board member or auditor has. But I just found one request that was official (msg #20), Venzuela's Suscerte and I also see that in #37 you've referred them to Mozilla. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609942#20 It is a double standard that you are applying just for SPI and CACert. Oh SPI, how did that get in? By a simple question from Mike Hommey[1]: "Now, realistically, adding CACert should be enough for Lenny. Maybe SPI, could be worth, too." And madduck was happy to comply. We know nothing about SPI, how they create their root certifactes, who can issue new ones and they didn't even ask for it. Remember, we are talking root certificates here, they print passports, not fake passports but the real ones. They can print you one for google.com if they feel like it and it would be a real one. I can research a little more if you feel you need more facts before removing the CACert and SPI root certificates. KDE years ago took a policy not to include unless an audit or big browser say it's okay. https://bugs.kde.org/show_bug.cgi?id=74290#c16 ciao, tom [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309564#129 Am 14.09.2013 um 23:41 schrieb Michael Shuler <mich...@pbandjelly.org>: > On 09/14/2013 12:15 PM, Thomas R. Koll wrote: > > <..lots!..> > > I appreciate you adding some good details and your thoughts to this bug > report, Thomas. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org