Comment 84 for bug 232340

In , codeslinger (codeslinger) wrote :

If I may be permitted to make a few observations

1) I am not related to MF or CACert. I am a programmer/computer consultant and
provide email services and webhosting to some of my clients. These are very
small sites not big buck companies, not one of them can justify paying the
prices verisign charges.

2) I think the CACert concept is excellent. I have long balked at the highway
robbery of the Verisign$ monopoly.

3) This bug/request was entered/opened in August of 2003. It is now Jan 30,
2005!! For crying out loud... how about a little bit less heel dragging?!?...
  Just how the heck long does it take to make a decision anyway...?? See
especially this link: http://www.heretical.com/miscella/parkinsl.html
It makes me wonder how the absolutely superlative FireFox ever managed to happen
to begin with, if this is typical of your decision making process...

4) I am strongly disinclined to install and configure a bunch of stuff just so
that I can access your news forum. Is it really too much trouble to use a web
based forum like the majority of people do these days? Am I the only person who
has made the observation that usenet type news services appear to be fading into
obscurity? Web forums are the new paradigm.

5) People keep harping on the idea of shipping a disabled certificate as a so
called "solution". At the risk of being insulting, may I point out that this is
an absurd and ill conceived notion showing a major lack of conceptual insight
into the actual goal... (that's the toned down version).

Now look, what is the goal? The goal is that people can go to a site which uses
a CACert; and without any fuss or bother they can access that site using SSL.

Now, what happens when you go to a site for which there is no trusted
certificate installed? Well, you get a dialog that pops up and warns you that
there is no valid certificate and asks if you would like to install it. The
dialog itself looks kind of ominous and intimidating. So the very justifiable
concern is that users won't want to accept the certificate and won't be able to
access the site, and may very probably turn into a support contact phone/email
which then requires manpower to deal with; or else they just leave, never to be
seen again.

Now, what happens when you go to a site for which you have a disabled
certificate installed???? Well, gee whiz... the very same dialog, or a close
cousin pops up and ominously intimidates the user by warning them that there may
be a certificate available for this site but it's been disabled because MF
doesn't trust it enough to be willing to install it properly.... And it asks
the user the very similar question of whether or not to activate it.

Now the whole goal of all of this, is so that the end user does not have to get
all freaked out by all these strange pop up warnings. I think that most of the
people reading this Bugzilla have a good appreciation for the discomfort level
of the typical novice computer user.

And then there is the fact that to implement this "installed but disabled"
thang, you will have to write quite a bit of extra code, and add still more
functionality that few people will know how to use. And the net effect is that
the user must go through just as much effort, if not more. And the overall
complexity of the software increases, with no net benefit.

6) So the question is.... Shall big buck unscrupulous corporate monopolies
(Verisign) be allowed to control and dominate the security of the internet. Or
shall we embrace a viable and open alternative?

7) Now I can certainly appreciate the very legitimate concern that you do not
want to open the floodgates to an anything goes environment. But as has been
ably pointed out elsewhere in this discussion, it is also not fair to hold
newcomers to a higher standard of entry than what the established companies have
had to meet. And it is not fair to impose financially burdensome procedures
onto applicants. The financial burden does nothing to ensure the integrity of
the applicant, all it does is to raise the bar so high as to ensure the
continuation of the monopoly. And that only companies with deep pockets and
strong profit motives shall ever succeed in getting approved.

If that was the kind of world you wanted to live in, then you would have never
written the superb FireFox.

By all appearances the CACert endeavour is a legitimate and very worthwhile
solution. It saddens me to see how much foot dragging has occurred. Surely in
the year and a half that this bug has been active, people could have reached
a level of agreement? A great opportunity was lost when the CACert failed to ship
with the 1.0 release. Perhaps it can be added to the auto-updater?

Well, that's my 3 cents worth. It's not my intention to be insulting, but as an
outsider giving an objective view of this situation, I feel a lot of frustration
with the way in which it was handled. And I believe that Duane is deserving of
a lot of credit for his restraint and enduring patient persistence. This alone
speaks quite well of his endeavour. And if you think that the little tiff, that
occurred with their board meeting is a basis for disqualifying them. Then allow
me to ask what is your basis of comparison? What is your frame of reference?
Have you ever been privy to the board meeting of Verisign? Why do you think
that they are free of political maneuvering and clashes of opinion? Most
assuredly they are not. You want transparency? Verisign won't even tell you
what they are up to; but for better or worse CACert has the courage to show you
every wart.

Again, I say, it is not my intention to be insulting. MF has made a fantastic
contribution to the world, and people have worked very hard to do it. But it is
my hope that this somewhat acerbic commentary will light a F I R E and get this
thang moving forward. It's long overdue...

Ciao,
-- Erik