[Pkg-mozext-maintainers] RFS: https-everywhere

Paul Wise pabs at debian.org
Mon Sep 26 00:56:19 UTC 2011

On Sun, 2011-09-25 at 13:19 -0300, Rogério Brito wrote:

> That's provided by a tool called wrap-and-sort.

Interesting, didn't know about that yet, thanks

> Did your "found interesting" mean that you didn't like this or that
> you were not familiar with it?

I practice manual wrapping myself for the same reasons you mention, but
not quite so extensively and found wrapping one item in a field a bit
strange since I don't do that myself.

> Yes, I can include rules for those, but I will have to see if there
> are no problems with those. Do we use any self-signed certificates?
> The upstream maintainers disable those rules by default.

The SPI CA signs the Debian CA, which signs each of the certs for these.
There is also a GPG signature of the SPI CA fingerprints by Joerg
Jaspert. None of this ties into the usual metric assload of SSL mafia
certificates most browsers include so yeah I guess they will want to
disable them by default.

> Do you mean a Debian.NEWS or a regular, upstream-provided news? I
> guess you meant the latter, but there's little we can do about that, I
> guess.

The upstream provided NEWS files, as specified by the GNU coding
standards documents.

> You can change the address of your page on the Debian wiki to use
> https instead of plain http.

With the current cert and broken-ass browser SSL-related user interface
that would just result in annoying warnings for non-Debian users.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 933 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozext-maintainers/attachments/20110926/0ff31524/attachment.pgp>

More information about the Pkg-mozext-maintainers mailing list