[Board] motion: OSGeo signing certificates

Tim Sutton tim at kartoza.com
Sat Oct 17 12:15:06 PDT 2015


Hi
> On 17 Oct 2015, at 21:06, Massimiliano Cannata <massimiliano.cannata at supsi.ch> wrote:
> 
> Right
> Thank for the note.
> Ssl you can have on your server without paying then your browser give an alert but atill no forced to pay for having https... or am i wrong?
> 
> 

Correct. In the case of OS X you can self sign the packages or not sign them at all, but (in similar way to what your browser does, warning you that the signer is not registered), OS X warns you that the package is from an unknown vendor and requires you do dig into the control panel to explicitly allow the package to be run. For QGIS (and probably applies to other FOSS GIS packages) this results in a really bad user experience where they cannot actually run the software on first install without first futzing around in the security settings on each host you install it on.

So while it might be less than ideal to spend money on certificates it is far better than requiring our users to jump through unneeded hoops in order to run the software they have downloaded.

Hope that all makes sense.

Regards

Tim


> Il 17/Ott/2015 20:24, "Tim Sutton" <tim at kartoza.com <mailto:tim at kartoza.com>> ha scritto:
> Hi
> 
>> On 17 Oct 2015, at 08:16, Massimiliano Cannata <massimiliano.cannata at supsi.ch <mailto:massimiliano.cannata at supsi.ch>> wrote:
>> 
>> +0 maxi
>> Because i didn't had the chanche to deeper dig into this, and ideally i don't like a system asking to pay for installing a free software.
>> 
> 
> Just a note that no end user is going to be required to pay anything. The system is very much like buying an SSL certificate for your web site. You buy the certificate from a certificate authority who provides verification if someone asks ‘is this site really encrypted by the people who own it?’. In the case of software you but a signing certificate and sign it, users who download  and install it can verify that it really originates from OSGEO or one of its sub-projects.
> 
> Regards
> 
> Tim
> 
>> Maxi
>> 
>> Il 17/Ott/2015 02:08, "Helena Mitasova" <hmitaso at ncsu.edu <mailto:hmitaso at ncsu.edu>> ha scritto:
>> +1 Helena
>> 
>> > On Oct 16, 2015, at 8:03 PM, Venkatesh Raghavan <raghavan at media.osaka-cu.ac.jp <mailto:raghavan at media.osaka-cu.ac.jp>> wrote:
>> >
>> > +1 Venka
>> >
>> > On 2015/10/17 3:44, 신상희 wrote:
>> >> +1
>> >>
>> >> Sanghee
>> >> 2015. 10. 16. 오후 7:21에 "Jody Garnett"
>> >> <jody.garnett at gmail.com <mailto:jody.garnett at gmail.com>>
>> >> 님이 작성:
>> >>
>> >>
>> >>> I would like to make the following motion:
>> >>>
>> >>> *Authorize up to $500 USD/annual for the SAC to obtain signing
>> >>> certificates for use by OSGeo projects (as per request of the QGIS PSC).
>> >>> Larry Shaffer as agreed to join the SAC committee to facilitate this
>> >>> activity.*
>> >>>
>> >>> Request: Please keep this thread on topic (+1,+0,-0,-1) and save
>> >>> discussion for the other thread if you need a clarification.
>> >>> --
>> >>> Jody Garnett
>> >>>
>> >>> _______________________________________________
>> >>> Board mailing list
>> >>>
>> >>> Board at lists.osgeo.org <mailto:Board at lists.osgeo.org>
>> >>> http://lists.osgeo.org/mailman/listinfo/board <http://lists.osgeo.org/mailman/listinfo/board>
>> >>>
>> >>>
>> >>>
>> >>
>> >>
>> >> _______________________________________________
>> >> Board mailing list
>> >>
>> >> Board at lists.osgeo.org <mailto:Board at lists.osgeo.org>
>> >> http://lists.osgeo.org/mailman/listinfo/board <http://lists.osgeo.org/mailman/listinfo/board>
>> >
>> > _______________________________________________
>> > Board mailing list
>> > Board at lists.osgeo.org <mailto:Board at lists.osgeo.org>
>> > http://lists.osgeo.org/mailman/listinfo/board <http://lists.osgeo.org/mailman/listinfo/board>
>> 
>> Helena Mitasova
>> Professor at the Department of Marine,
>> Earth, and Atmospheric Sciences
>> and Center for Geospatial Analytics
>> North Carolina State University
>> Raleigh, NC 27695-8208
>> hmitaso at ncsu.edu <mailto:hmitaso at ncsu.edu>
>> http://geospatial.ncsu.edu/osgeorel/ <http://geospatial.ncsu.edu/osgeorel/>
>> "All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties.”
>> 
>> _______________________________________________
>> Board mailing list
>> Board at lists.osgeo.org <mailto:Board at lists.osgeo.org>
>> http://lists.osgeo.org/mailman/listinfo/board <http://lists.osgeo.org/mailman/listinfo/board>_______________________________________________
>> Board mailing list
>> Board at lists.osgeo.org <mailto:Board at lists.osgeo.org>
>> http://lists.osgeo.org/mailman/listinfo/board <http://lists.osgeo.org/mailman/listinfo/board>
>> 
> 
> <KartozaLogo160x66.png>
> 
> 
> Tim Sutton
> 
> Visit http://kartoza.com <http://kartoza.com/> to find out about open source:
> 
> * Desktop GIS programming services
> * Geospatial web development
> * GIS Training
> * Consulting Services
> 
> Skype: timlinux Irc: timlinux on #qgis at freenode.net <http://freenode.net/>
> Tim is a member of the QGIS Project Steering Committee
> 
> Kartoza is a merger between Linfiniti and Afrispatial
> 

—





Tim Sutton

Visit http://kartoza.com <http://kartoza.com/> to find out about open source:

* Desktop GIS programming services
* Geospatial web development
* GIS Training
* Consulting Services

Skype: timlinux Irc: timlinux on #qgis at freenode.net
Tim is a member of the QGIS Project Steering Committee

Kartoza is a merger between Linfiniti and Afrispatial

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/board/attachments/20151017/3b51c76c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: KartozaLogo160x66.png
Type: image/png
Size: 9324 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/board/attachments/20151017/3b51c76c/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.osgeo.org/pipermail/board/attachments/20151017/3b51c76c/attachment.sig>


More information about the Board mailing list