[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-register-public] [task #5188] Submission of X.509 Cert
From: |
Bernhard Fastenrath |
Subject: |
[Savannah-register-public] [task #5188] Submission of X.509 Cert |
Date: |
Mon, 23 Jan 2006 14:05:35 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 |
URL:
<http://savannah.nongnu.org/task/?func=detailitem&item_id=5188>
Summary: Submission of X.509 Cert
Project: Savannah Administration
Submitted by: fasten
Submitted on: Mon 01/23/06 at 14:05
Should Start On: Mon 01/23/06 at 00:00
Should be Finished on: Thu 02/02/06 at 00:00
Category: Project Approval
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Percent Complete: 0%
Open/Closed: Open
Effort: 0.00
_______________________________________________________
Details:
A new project has been registered at Savannah
The project account will remain inactive until a site admin approve or
discard the registration.
######### REGISTRATION ADMINISTRATION #########
While this item will be useful to track the registration process, approving
or discarding the registration must be done using the specific "Group
Administration" page, accessible only to site administrators, effectively
logged as site administrators (superuser):
<https://savannah.nongnu.org/admin/groupedit.php?group_id=8306>
######### REGISTRATION DETAILS #########
Full Name:
----------
X.509 Cert
System Group Name:
-----------------
cert
Type:
-----
non-GNU software & documentation
License:
--------
GNU Free Documentation License
Description:
------------
A community operated X.509 CA for software certification. The Root CA will
allow interested software projects to become second level CAs. The project
itself will primarily release a key revocation list. The main goal is to have
a CA that allows to sign free software for free and can be expected to act
responsibly when certificates need to be revoked.
A secondary goal is to release code review policies and allow peer review of
free software to be categorized according to the type of review that a piece
of software was subjected to. In order for X.509 certificates to be issued a
project's CA operator would need to join this projects and participate in the
community. In a secondary step the project CA operator would need to issue a
dedicated OpenPGP key and receive at least 20 signature with a sufficient
trust ranking to be allowed to operate a project CA with a key signed by the
Root CA.
A democratic process within the project would then designate administrators
who can generate project CA certificates and revoke them.
The development of policies could happen in a Wiki with the administrators as
wiki administrators.
Other Software Required:
------------------------
A free X.509 CA tool.
Other Comments:
---------------
This is a CA for the exclusive purpose of software certification and
verification. The Root CA may become a second level CA of
http://www.cacert.org/ but as cacert.org is not a community for software
certification it can not be replaced by a cacert.org certificate. The
community must be able to reply to software security incidents, hence the
name 'cert' (as in computer emergency reponse team).
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/task/?func=detailitem&item_id=5188>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [Savannah-register-public] [task #5188] Submission of X.509 Cert,
Bernhard Fastenrath <=