From: Curtis Napier <curtis119@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] heads up: adding ca-certificates as a PDEPEND to openssl
Date: Fri, 30 Dec 2005 23:17:59 -0500 [thread overview]
Message-ID: <43B60677.5090501@gentoo.org> (raw)
In-Reply-To: <20051230205940.4903e1b7@edune.lan>
Yuri Vasilevski wrote:
> Now, being a little bit less ideological, I think it is perfectly ok to
> add certificates from some organizations like CACert.org that try to
> make security free for all Internet users as well as open source
> projects' certificates (like debian ones). But it should be up to
> businesses to buy they're way into openssl by the means of this
> "sponsoring".
>
> So my suggestions is to add root certificates only for non for profit
> organizations. (For intermediate certificates that already have root
> certificate bundled with openssl it ok in all cases). Or at last don't
> make it a RDEPEND but an einfo "you may want to intall X for Y reason".
>
>
>
>>this will inadvertently fix this fun bug:
>>http://bugs.gentoo.org/101457
>>and probably more in the future
>
>
> In this king of cases it is probably better to ask upstream to bug
> they're CA to "sponsor" openssl or use some free CA.
>
> Yuri.
I was unaware that openssl worked that way, ie "sponsor in exchange for
inclusion". This seems like a fair and honest way for them to raise
funds but gives companies the ability to use openssl even if they don't
sponsor. But *must* we honor that? Has anyone asked them?
I agree with this point 1000000%: Any organization that is free to the
public should be included. But should we exclude the ones that are
for-profit? I don't know but I have some pros and cons about including it.
It would be good PR for Gentoo to honor that funding scheme. Helping a
fellow FOSS project in this way is just being "neighbourly" and will
keep us out of slashdot. Plus it makes me feel warm and fuzzy inside.
Don't include it at all or make it optional with a USE flag.
Good PR aside including all the certificates is better for the user
because they don't have to manually search for the certificate and
install it. Not to mention the wget bug with realplayer. I don't know
about anyone else but when something Just Works(tm) I am happy. Install
it by default or make it optional with a USE flag.
Would it be best to make it into a USE flag so users have the choice,
install it by default or simply not offer it at all?
Both sides should be happy with a USE flag IMHO. So long as it closes
the wget bug I'm all for it.
--
gentoo-dev@gentoo.org mailing list
next prev parent reply other threads:[~2005-12-31 4:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-30 22:34 [gentoo-dev] heads up: adding ca-certificates as a PDEPEND to openssl Mike Frysinger
2005-12-31 2:59 ` Yuri Vasilevski
2005-12-31 4:17 ` Curtis Napier [this message]
2005-12-31 4:38 ` Mike Frysinger
2005-12-31 4:47 ` Doug Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43B60677.5090501@gentoo.org \
--to=curtis119@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox