[Savannah-register-public] [task #5188] Submission of X.509 Cert

[Bernhard Fastenrath]

URL:
  <http://savannah.nongnu.org/task/?func=detailitem&item_id=5188>

                 Summary: Submission of X.509 Cert
                 Project: Savannah Administration
            Submitted by: fasten
            Submitted on: Mon 01/23/06 at 14:05
         Should Start On: Mon 01/23/06 at 00:00
   Should be Finished on: Thu 02/02/06 at 00:00
                Category: Project Approval
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Percent Complete: 0%
             Open/Closed: Open
                  Effort: 0.00

    _______________________________________________________

Details:

A new project has been registered at Savannah 
The project account will remain inactive until a site admin approve or
discard the registration.


######### REGISTRATION ADMINISTRATION #########

While this item will be useful to track the registration process, approving
or discarding the registration must be done using the specific "Group
Administration" page, accessible only to site administrators, effectively
logged as site administrators (superuser):

  <https://savannah.nongnu.org/admin/groupedit.php?group_id=8306>


######### REGISTRATION DETAILS ######### 

Full Name:
----------
  X.509 Cert

System Group Name:
-----------------
  cert

Type:
-----
  non-GNU software & documentation

License:
-------- 
  GNU Free Documentation License

Description:
------------
  A community operated X.509 CA for software certification. The Root CA will
allow interested software projects to become second level CAs. The project
itself will primarily release a key revocation list. The main goal is to have
a CA that allows to sign free software for free and can be expected to act
responsibly when certificates need to be revoked.
A secondary goal is to release code review policies and allow peer review of
free software to be categorized according to the type of review that a piece
of software was subjected to. In order for X.509 certificates to be issued a
project's CA operator would need to join this projects and participate in the
community. In a secondary step the project CA operator would need to issue a
dedicated OpenPGP key and receive at least 20 signature with a sufficient
trust ranking to be allowed to operate a project CA with a key signed by the
Root CA.
A democratic process within the project would then designate administrators
who can generate project CA certificates and revoke them.
The development of policies could happen in a Wiki with the administrators as
wiki administrators.


Other Software Required:
------------------------
  A free X.509 CA tool.


Other Comments:
---------------
  This is a CA for the exclusive purpose of software certification and
verification. The Root CA may become a second level CA of
http://www.cacert.org/ but as cacert.org is not a community for software
certification it can not be replaced by a cacert.org certificate. The
community must be able to reply to software security incidents, hence the
name 'cert' (as in computer emergency reponse team).









    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/task/?func=detailitem&item_id=5188>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/