[Systems] Who should legally hold sugarlabs domains/SSL certs, and who should decide who should hold them? (was Re: Fwd: Gandi donates large amount of account credit to Conservancy for VPS's, domain registration, and SSL certificates)

Bernie Innocenti bernie at sugarlabs.org
Fri Aug 3 01:38:29 EDT 2012

On Wed, 2012-08-01 at 13:26 -0400, Bradley M. Kuhn wrote:
> Chris Leonard wrote at 09:12 (EDT):
> > Speaking for myself, I think the SLOBs would/should entrust domain
> > name registrations, certificates and DNS issues to our extremely
> > competent (albeit overworked) Infrastructure team, and to Bernie's
> > leadership on those issues.
> Just to be clear: those details would still be so-handled in any event,
> if you decide to have Conservancy be the domain-holder.
> What I'm talking about is just the legal holder of the domain being
> Conservancy.  We'd only set "Billing Contact" and "Administrative
> Contact" to Conservancy -- Bernie and the infrastructure team would
> decide "Technical Contact" for the domains.
> But, that said, it's not mandatory that a Conservancy project host its
> domains with Conservancy -- it's purely a Gandi-specific rule
> (apparently) that the SSL certificates Gandi generates be only for
> domains where the generating/paying account match the admin contact of
> the domain.

The ADMIN-C record of sugarlabs.org was already pointing at the SFC:

Admin ID:nca-10569392-740
Admin Name:Bradley Kuhn
Admin Organization:Software Freedom Conservancy
Admin Street1:1995 BROADWAY FL 17
Admin Street2:
Admin Street3:
Admin City:New York
Admin State/Province:NY
Admin Postal Code:10023-5882
Admin Country:US
Admin Phone:+1.2124613245
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:info at sfconservancy.org

Does Gandi simply check for the email to match, or do they need the
domain to be registered with them?

> The other option is for Sugar to just pay from its funds for SSL certs
> (which is what most projects typically did before the donation from
> Gandi was received).

I've been paying out of my pocket for the SL domains, it's no big deal,
but until now I resisted purchasing SSL certificates because I'd rather
not finance the SSL CA racket which consists in creating artificial
scarcity to sell random bits at a premium.

Note that I'm not dragging SL into my personal political battles: if we
can't get the free SSL cert from Gandi, I can simply continue to renew
the StartSSL certs, albeit every year and one at a time -- another
artificial restriction meant to encourage customers to pay for the
professional random bits (-:

Bernie Innocenti
Sugar Labs Infrastructure Team

More information about the Systems mailing list