On Thu, Jul 03, 2014 at 12:46:45PM -0400, Hans-Christoph Steiner wrote:
Google uses SPKI pinning heavily, for example, but they still use CA-signed certificates so their HTTPS works with Firefox, IE, Opera, etc.
Yes, and MS does similar. The difference is, they own their infrastructure and debian relies on donations. It's a lot harder for debian to control the certificates on third party machines than it is for a big company to control the certificates on its own machines.
Mike Stone