www.spi-inc.org uses an invalid security certificate

Thijs Kinkhorst thijs at debian.org
Fri Feb 28 08:42:29 UTC 2014

On Thu, February 27, 2014 18:37, Jimmy Kaplowitz wrote:
> You may ask why SPI hasn't signed up for one of the commercial options.
> Turns out there really isn't a good one. Some examples: purchasing an
> official intermediate CA would be expensive and we're smaller than the
> vendors typically intend; Debian needs to run its own sub-CA for its
> system administrative needs; the free SSL certificate options like
> StartSSL are not compatible with teams like Debian which justifiably
> need a sysadmin team associated with the account instead of an individual;
> etc. All of this is in addition to the very small nature of the trust
> benefit of commercial CAs over what we have now.

Since Debian is in the process of replacing its SSL certificates by ones
supplied by Gandi (that are recognised by all major browsers), it seems
like this could be a good option for SPI aswell.


More information about the Spi-general mailing list