If you have a community member who cares I would go with their opinion. The key community that cares is you (I.e. has already signed up to the system admin committee). The board does not have the expertise or the passion to advise on each matter. <br><br>You are a foundation officer with an approved budget. The SAC is trusted to spend responsibly, perhaps keeping budget in reserve for crazy things like the attack this week. <br><br><br><br><br><br><br><div class="gmail_quote"><div dir="ltr">On Fri, May 6, 2016 at 12:55 PM Alex M <<a href="mailto:tech_dev@wildintellect.com">tech_dev@wildintellect.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">For me it was a philosophy question. Does the board care, or the<br>
community care if we don't have a Org Validated certificate? So far most<br>
of SAC has very little opinion on the topic. Martin prefers OV, because<br>
thats the tradition with Orgs.<br>
<br>
Thanks,<br>
Alex<br>
<br>
On 05/06/2016 12:50 PM, Jody Garnett wrote:<br>
> I do not think the board needs a position, we are happy to be guided by the<br>
> system admin committee in this (and many matters) :D<br>
><br>
> I would tend to error on the side of less volunteer time as a rule, but it<br>
> is really up to SAC.<br>
><br>
> --<br>
> Jody Garnett<br>
><br>
> On 6 May 2016 at 11:06, Alex M <<a href="mailto:tech_dev@wildintellect.com" target="_blank">tech_dev@wildintellect.com</a>> wrote:<br>
><br>
>> OSGeo Board,<br>
>><br>
>> We recently renewed the SSL certificate for the *.<a href="http://osgeo.org" rel="noreferrer" target="_blank">osgeo.org</a> domains. In<br>
>> doing so there's an unresolved policy question I'd like to get answered.<br>
>><br>
>> Our old certificate was Org Validated (OV). All that means is that the<br>
>> certificate authority does a little extra checking on the org, it's<br>
>> slightly more expensive (~$150+/yr), and that it's harder to change<br>
>> anything in our account related to the certificate. The outward facing<br>
>> result is that if you read the certificate details the Organization(O)<br>
>> line is filled out.<br>
>><br>
>> The new certificate (because we were on a time crunch) is a Domain<br>
>> Validated (DV). It's a little cheaper, and way easier to login and work<br>
>> with. It's also similar enough to Mozilla's new letsencrypt project that<br>
>> we might be able to switch to that later on.<br>
>><br>
>> From a money perspective, I don't think the difference between $250 vs<br>
>> $400 a year is big difference. From a technical perspective both work,<br>
>> equally well. Other orgs seems to mostly use OV certificates. But I've<br>
>> found very few people who seem to care, and you can't really tell unless<br>
>> you open the certificate details.<br>
>><br>
>> The only thing that would happen now if we change back to OV, is that it<br>
>> will take more volunteer hours to get the new one, cancel the current<br>
>> one (100% refund is not an issue in the 1st 30 days).<br>
>><br>
>><br>
>> Does the board have a position on if they want to use an OV or are<br>
>> people content with the DV certificates?<br>
>><br>
>><br>
>> Thanks,<br>
>> Alex<br>
>> Sys Admin Committee<br>
>><br>
>><br>
>><br>
<br>
_______________________________________________<br>
Board mailing list<br>
<a href="mailto:Board@lists.osgeo.org" target="_blank">Board@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/mailman/listinfo/board" rel="noreferrer" target="_blank">http://lists.osgeo.org/mailman/listinfo/board</a></blockquote></div><div dir="ltr">-- <br></div><div dir="ltr">--<div>Jody Garnett</div></div>