Lots of discussion on Planet Gnome about self-signed certificates and SSL and so on. I wonder if the Linux distros should get together and create a new CA, and then install that CA’s root certificate in browsers? So that way, things like various project bugzillas will have a legit SSL certificate without having to pay if they don’t want to. Of course, this new FreeSoftwareProjectCA would still have to go through the same verification processes to ensure that a given certificate is being asked for by the right people, etc, etc. Obviously, the root certificate would only be installed in your browsers if you get them from your distro (because the distros would add them to their browser packages) — this means that people on Windows or who install their own copy of Firefox (or whatever) would still get the “this is a certificate I don’t recognise” warning. However, that’s no worse off than it is now, and I think it’s reasonable to assume that people who use bug-tracking sites for free software projects running on a free software OS are disproportionately people using that OS who will therefore have the certificate. (Update: johnath says “StartSSL, in the Firefox 3 root store, offers SSL certificates for free“, which might have the same effect; I don’t know whether StartSSL’s root certificate is in other browsers, but that’s no worse than the idea that I propose above.)

I'm currently available for hire, to help you plan, architect, and build new systems, and for technical writing and articles. You can take a look at some projects I've worked on and some of my writing. If you'd like to talk about your upcoming project, do get in touch.

More in the discussion (powered by webmentions)

  • (no mentions, yet.)