Bug 772897 - Consider switching from StartCom to a different CA
Status: RESOLVED FIXED
Product: sysadmin
Classification: Infrastructure
Component: Certificates
Version: unspecified
Hardware: Other All
Importance: Normal minor
Target Milestone: ---
Assigned To: GNOME Sysadmins
GNOME Sysadmins
Depends on:
Blocks: 774465
 
 
Reported: 2016-10-13 22:10 UTC by userwithuid
Modified: 2016-11-15 21:21 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description userwithuid 2016-10-13 22:10:25 UTC
As you might have heard, recently, there has been quite the discussion about the trustworthiness and future of WoSign, who (now not so secretly any more) owns StartCom: https://wiki.mozilla.org/CA:WoSign_Issues

There has been talk (mozilla/google) and a little action (apple) about distrusting WoSign certificates in some form, but I doubt they will block current certs from StartCom - too many sites use them currently.

Nevertheless, if it was not already planned, I want to suggest *.gnome.org switch to another certificate provider. The practical reason is that the current cert expires 2017-03 and who knows if the renewed one will be trusted everywhere? My personal reason is that I want this and other sites not to support a -imho- bad CA and make it possible to eventually distrust everything WoSign related without having too much stuff fail, but whatever. :-P One step at a time: https://kernel.org/gandinet-tls-certificates.html

Comment 1 christensen.fin 2016-11-04 09:18:45 UTC
I was unable to install any gnome shell extension as StartCom got untrusted on my system (the download of the extension failed silently in the gnome-shell). I re-added the StartCom certificates and extension installation is working again. You should consider moving to a new CA in the near future.

Comment 2 Andrea Veri 2016-11-04 09:44:37 UTC
We're on it. Thanks!

Comment 3 Andrea Veri 2016-11-15 21:21:24 UTC
The migration is now COMPLETED! Thanks!