Using system SSL certificates...
Brad Hards
bradh at frogmouth.net
Wed Feb 3 01:17:12 GMT 2010
On Saturday 30 January 2010 08:21:17 Thiago Macieira wrote:
> The Qt non-Firefox certificates contain the likes of VeriSign, Thawte and
> Equifax. The question is: why are those well-known certificates in Qt but
> not in Firefox?
Based on the log, it appears Qt may have just taken the cert bundle from an
earlier version of KDE (when George Staikos was actively managing it).
George's policy (which I concur with) was that a cert in either Firefox or IE
was OK, if the vendor requested it. It is not OK to just add certificates
without doing appropriate checks of the vendors practices and policies, and
KDE doesn't have the resources to do that, hence the out-sourcing approach.
FWIW, I'd support removing the cert bundle from KDE and just using mozilla's
bundle. Ideally we'd support using system certs where the OS or vendor
provides them.
Brad
More information about the kde-core-devel
mailing list