ubuntuforums-unanswered team mailing list archive

Thread
Date

Re: [Question #79192]: alioth.debian.org uses an invalid security certificate

To: ubuntuforums-unanswered@xxxxxxxxxxxxxxxxxxx
From: midnightflash <question79192@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 05 Aug 2009 10:00:13 -0000
Reply-to: question79192@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Question #79192 on ca-certificates in ubuntu changed:
https://answers.launchpad.net/ubuntu/+source/ca-certificates/+question/79192

    Status: Open => Answered

midnightflash proposed the following answer:
@Era: That alioth.debian.org server is just signed with a private key.
No need to worry about. This is much more secure than with no key. Of
course it would be nicer to just go to such a site.

The Problem in my mind is that the modern browsers (f.e. Firefox-3,
IE-7) are senselessly telling you that it is insecure to go there.
Indeed it is absolutely OK to go there... just to go through the key-
accept-thing every first-time.

Debian could get their key signed f.e. by "officials" like Thawte or CA
or something... for money or not... so the browsers are not moaning...
but no need indeed.

Greetings
mid

-- 
You received this question notification because you are a member of UF
Unanswered Posts Team, which is an answer contact for Ubuntu.