[Tux4kids-discuss] Download Certificate Issue

[David Bruce]

Hi Theodore,

When I attempt to download Tux Math in using Firefox or Chrome I get a
> security certificate message.
>

We have known about this for years.  It occurs because Alioth uses
self-signed security cerficates.  It has nothing specifically to do with
Tux Math, and it doesn't mean our software has any malware or security
issues.  If you like, you can download the same files from SourceForge,
which is a real company with resources to pay for commercial SSL certs et
al.

The Alioth admins are aware of the issue, but it's an all-volunteer setup,
and they have all they can do with higher priority issues.  I don't think
they plan to do anything about it.  I'm wondering if we should make
SourceForge or GitHub our primary download site to avoid frightening
potential users with these warnings.

For recent releases, I have started to include checksums and gpg signatures
with the releases, which in theory (at least if I got my gpg key signed
enough times to be sufficiently "trusted" in the OSS world) serve largely
the same function as a ssl cert to confirm that the packages really came
from us and haven't been altered.  But casual users don't know about this
stuff.

-- 
David Bruce

For all your software needs, visit The Apt Store:
deb http://ftp.us.debian.org/debian stable main
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/tux4kids-discuss/attachments/20120307/745d30cf/attachment.html>