From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1K089n-0004Vd-Fk for garchives@archives.gentoo.org; Sun, 25 May 2008 04:48:31 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 67AA4E03E3; Sun, 25 May 2008 04:48:30 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 39FB9E03E3 for ; Sun, 25 May 2008 04:48:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 7083467B36 for ; Sun, 25 May 2008 04:48:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at gentoo.org X-Spam-Score: -0.123 X-Spam-Level: X-Spam-Status: No, score=-0.123 required=5.5 tests=[AWL=0.062, BAYES_40=-0.185] Received: from smtp.gentoo.org ([127.0.0.1]) by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h59i82OUk79L for ; Sun, 25 May 2008 04:48:23 +0000 (UTC) Received: from mail.isohunt.com (b01.ext.isohunt.com [208.71.112.51]) by smtp.gentoo.org (Postfix) with ESMTP id 95CD3677CB for ; Sun, 25 May 2008 04:48:23 +0000 (UTC) Received: (qmail 31438 invoked from network); 25 May 2008 04:48:22 -0000 Received: from S010600022af11287.vc.shawcable.net (HELO curie.orbis-terrarum.net) (24.84.179.214) (smtp-auth username robbat2@isohunt.com, mechanism login) by mail.isohunt.com (qpsmtpd/0.33-dev on beta01) with (AES256-SHA encrypted) ESMTPSA; Sun, 25 May 2008 04:48:22 +0000 Received: (qmail 24516 invoked by uid 10000); 24 May 2008 21:48:36 -0700 Date: Sat, 24 May 2008 21:48:36 -0700 From: "Robin H. Johnson" To: gentoo-project@lists.gentoo.org Subject: [gentoo-project] Gentoo SSL certificates switching to CACert Message-ID: <20080525044836.GQ12414@curie-int.orbis-terrarum.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="gSSGYPGSs0dvYOj7" Content-Disposition: inline User-Agent: Mutt/1.5.16 (2007-06-09) X-Archives-Salt: bfad5230-b298-4be0-a570-16c0ac02cb9e X-Archives-Hash: aa8da82e5438f36945334f591cfb6390 --gSSGYPGSs0dvYOj7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In the past, all of the SSL certificates for Gentoo services (forums.g.o, bugs.g.o, etc) were all self-signed. Now that the foundation is in good legal standing again, we are making headway with replacing the certificates with those from CACert, via their Organization assurance program. =46rom the perspective of users, if their browsers trust the CACert Level 3 certificate or the Level 1, then the browser should trust the new Gentoo certificates. One of the new certificates is live on forums.gentoo.org as of today, but exposed the need for some further display improvements only (wrong email address) - it still functions perfectly. If your browser doesn't include the CACert roots, see either: http://wiki.cacert.org/wiki/BrowserClients https://www.cacert.org/index.php?id=3D3 Or make sure you have the latest ca-certificates package (if the browser uses it), and that update-ca-certificates was run properly. --=20 Robin Hugh Johnson Gentoo Linux Developer & Infra Guy E-Mail : robbat2@gentoo.org GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 --gSSGYPGSs0dvYOj7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Robbat2 @ Orbis-Terrarum Networks - The text below is a digital signature. If it doesn't make any sense to you, ignore it. iEYEARECAAYFAkg476QACgkQPpIsIjIzwixhlACdFcJAGEpPbCxXPnJPu0zVCh6g a4sAoPNygmvznACEZSQYw6kOb/U6yj6y =V6GA -----END PGP SIGNATURE----- --gSSGYPGSs0dvYOj7-- -- gentoo-project@lists.gentoo.org mailing list