On Tue, Feb 5, 2013 at 11:59 AM, Dirkjan Ochtman <d...@gentoo.org> wrote: > I think it's really quite silly that we keep inconveniencing ourselves > and our user by not having proper certificates that get recognized by > all the major browsers, preferably wildcard variants (particularly for > Bugzilla attachments).
My knee-jerk reaction is that your browser has a bug. It thinks that it is appropriate to sound alarms for unauthenticated SSL connections but not for unauthenticated non-SSL connections. A workaround is to emerge ca-certificates. That said, I do understand your concerns (my pet peeves with the CA infrastructure and modern browsers notwithstanding). > > I'd be happy to handle the certificates and renew them every time when > needed, passing them on to infra staff via a channel they deem secure > enough, although it would be nice if someone else can provide me with > funds (e.g. the Trust/Foundation?). I'm sure the trustees would be interested as long as this was aligned with infra. I'd reach out to them first and work out a plan - paying for it is likely to not be a big issue (and we've had offers of donated certificates as well). Rich
