[Geany-Devel] Invalid certificate
artur.peka at xxxxx
Sun Oct 25 13:41:59 UTC 2015
In my understanding "invalid" includes "signed by untrusted authority". I'm
no security expert, and for me browser reporting an invalid certificate is
a red flag - I'll have a hard time figuring out that cacert.org are in fact
the "good guys". I believe, this can also turn away some contributors, who
will think the page is abandoned/compromised, without looking into much
As for let's encrypt - they reported several days ago that they are trusted
by major browsers -
https://helloworld.letsencrypt.org/ - it's trusted.
On Sun, Oct 25, 2015 at 2:35 PM, Frank Lanitz <frank at frank.uvena.de> wrote:
> Am 25.10.2015 um 13:17 schrieb Arthur Peka:
> > some may have already said it, but certificate
> > on https://lists.geany.org is invalid. I guess the one from Let's
> > encrypt could be used (which now seems to be trusted)?
> They did a huge step forward, but AFAIK not yet done. By now we are
> using CAcert and the certificate is not invalid only because your
> browser doesn't know the CAcert root certificates¹. It's just untrusted.
> However, the plan is, once the are real online we think about migration.
> ¹ http://www.cacert.org/index.php?id=3
> P.S. Sorry, if this might sounded root. Not sure. Wasn't intended. SSL
> is not just the green lock symbol, it's more. Even an selfsigned
> certifcate can, well in most cases it is if you check fingerprints, be
> more trustworthy than a signed one.
> Devel mailing list
> Devel at lists.geany.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Devel