![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
Re: CVE request: gajim - code execution and sql injection
From: Yves-Alexis Perez <corsac () debian org>
Date: Mon, 09 Apr 2012 08:50:09 +0200
On dim., 2012-04-08 at 23:21 -0600, Kurt Seifried wrote:
On 04/08/2012 07:33 PM, Carlos Alberto Lopez Perez wrote:On 08/04/12 17:59, Kurt Seifried wrote:On a side note: if you want a free SSL certificate please use something like http://cert.startcom.org/ which is included within most browsers. cacert.org is not included in any (that I know of) browsers, I have no idea what the cacert practices are (and I can't find any documentation on their site) so there's no way that root key will be loaded by myself (and most people I know).Cacert.org CA is trusted by the majority of Linux/BSD distributions and therefore for any browser running on it. http://wiki.cacert.org/InclusionStatusAccording to the page you quote it's not in any Mozilla browsers by default (or any major web browser that I can see), it's not in Fedora or Red Hat Enterprise Linux or any derivatives of Red Hat Enterprise Linux, or Ubuntu or SuSE Linux to name a few (not to mention Mac OS X or Windows).
Cacert.org is included in Debian ca-certificates package, and thus in the Ubuntu one (just stating fact, not that I find that good or bad).
I don't understand why people choose a widely unsupported CA when there are widely supported CAs like StartCom that offer free certificates. Please, use supported CAs.
This is a bit off-topic (for the thread, maybe not for the list). It seems that people like Cacert.org because of the trust model it represents (afaict it tries to fit the GPG web of trust to x509). Regads, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE request: gajim - code execution and sql injection David Black (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Yves-Alexis Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)